Difference Between Phishing and Spear Phishing

By on May 9th, 2017 in cybersecurity, Malware, phishing, Security

I have mentioned phishing previously, but let me give you some explanations about two associated terms for this type of fraud.

Phishing is an attempt to get information from you, such as usernames, passwords, and credit card numbers or details, by masquerading in an e-mail as an entity that you trust (like a bank or a credit card company) to lure you into taking action. This e-mail might include:

  • Links to websites that are infected with malware
  • Links to websites that look like actual websites, but that are facades, to get you to input your login information
  • Attachments that are infected with a virus, like a PDF or DOC file

Typically, these attacks don’t mention you by name and read more like a generic statement.

[Figure: Difference Between Phishing and Spear-phishing]

Spear phishing is a more sinister type of phishing that uses email messages that appear to come from well-known and trusted sources. The e-mails have well-written titles and look like they pertain to you. Spear phishing is usually a much more narrowly aimed attack that tries to get specific information from a specific group of individuals. Spear phishing emails would look like they are from:

  • Your boss, or a specific family member. These folks may have had their accounts compromised. That is where spear phishing thrives, and the attacker may only be trying to add you (along with your contacts) to the list to expand the infection.
  • The e-mail looks very realistic, mentions you by name, and seems genuinely sent to you.

This will lull you into a false sense of security, so that you open either the infected attachment or the nefarious link in the email. Some examples might be:

  • If it was from a friend or family member, the link might be “here is a link to our vacation photos”, but it is not that at all!
  • An email from your credit card company that mentions part of your credit card number, like **** *** **666, and says you need to change your password, pointing to a website (which is their password-catching site).

Many folks have been tricked by spear-phishing, so you will need to keep up your diligence when receiving emails or links from trusted sources.

