What is Spear Phishing?

Abnormal Security -

Phishing is the most common form of cyberattack in the world. Approximately 74% of organizations within the United States will experience a successful phishing attack at some point.

Spear phishing, on the other hand, is a more targeted form of a phishing attack and is far more sinister. Targeted phishing can put your organization at risk. In this guide, we explore what spear phishing attacks are and how to defend against them.

Spear Phishing Explained

A spear phishing attack is executed by sending emails to well-researched targets to secure money or information, or to successfully install malware on the target’s computer.

These highly effective scams are carried out by sophisticated attackers and can be incredibly difficult to stop.

Phishing vs. Spear Phishing

Phishing campaigns seek out low-level targets in large numbers. They can be easily created by someone with little to no technical experience and are generic in nature.

On the other hand, spear phishing is purpose-built to attack a specific individual or entity. They are highly detailed and require large amounts of research to successfully impersonate a known individual and win the target’s trust.

In short, the difference is that spear phishing is designed for a specific target, whereas conventional phishing campaigns look to cast a wide net.

Whale Phishing

To make matters worse, attacks exist on an even higher level called whale phishing. These targeted phishing campaigns typically target high-level executives through impersonation. Because these executives have access to financial information, sensitive data, and other high-level items, they are considered a big fish—or a whale.

Using a high-level executive’s superior rank, attackers use whale phishing to coerce lower-level employees into sharing sensitive information or sending funds to the attacker’s account.

What is the Goal of Spear Phishing?

A  spear-phishing attack has many of the same goals as a conventional phishing campaign as attackers look to extract information or money from the target. That said, global security experts are increasingly finding that attackers are looking to compromise API and session tokens.

The post What is Spear Phishing? appeared first on Abnormal Security.

Read More.....