Spear phishing definition

Spear phishing is a targeted email attack purporting to be from a trusted sender.

In spear phishing attacks, attackers often use information gleaned from research to put the recipient at ease. The ultimate aim is to either infect devices with malware by convincing the recipient to click a link or download an attachment, or to trick the recipient into taking some other action that will benefit the attacker, usually handing over information or money.

Spear phishing messages are often crafted with care using pernicious social engineering techniques and are difficult to defend against with mere technical means.

“What’s important to note about spear phishing is that the individual being spear phished isn’t often the real target,” says J.R. Cunningham, CSO at Nuspire, a Michigan-based MSSP. “Rather, their corporate environment is most likely the attacker’s ultimate end goal.”

Phishing vs. spear phishing vs. whaling

Phishing, spear phishing, and whaling are all types of email attacks. Phishing is the broad category, covering just about any use of email or other electronic messaging to trick people; spear phishing and whaling are two of a handful of more specific kinds of phishing attack.

Most phishing attacks take the form of generic messages sent automatically to thousands of recipients. They’re written to be somewhat tempting—the attachment might have a name like “salary report,” or the link might be a fake lottery winning site—but no attempt is made to match the message content to any particular person who might be receiving it. The name derives from “fishing” (with the “ph” being part of the tradition of whimsical hacker spelling), and the analogy is of an angler throwing out a baited hook (the phishing email) and hoping some victim will swim along and bite.

