Phishing is an attempt to maliciously obtain confidential information, such as financial or bank details, user login credentials, or credit card numbers. This invlves sending out large numbers of emails or text messages from ostensibly trustworthy entities, in an effort to get recipients to "take the bait". Common variations include fake emails from major banks, telling potential victims that their account has been suspended pending the verification of user credentials. The recipient is provided with a link to a malicious website posing as the bank in question, where he or she can “unsuspend” the account by logging into the banks ”security system”.
In reality, the criminals behind the Phishing Expedition use the gathered login credentials to hijack the victim’s bank account and deplete it of funds in short order, frequently within minutes of the victim’s login credentials being compromised.
Phishing is a numbers game that relies on blindly throwing out massive numbers of hooks, in an effort to catch as many dupes as possible.
Spear-Phishing also seeks to maliciously obtain confidential information. However, instead of throwing out lures blindly, spear-phishing is designed to target a specific individual. This requires a level of knowledge about the intended victim, such as who their employer is, who their friends are, where they live, their hometown, where they shop, and what they’ve bought recently.
Before the advent of social media this approach required a significant level of research, usually only worth the effort for higher-stakes scams. Nowadays, however, spending an hour or two poring over the intended victim’s Facebook posts will usually yield enough information to set up this kind of sting.
The attacker will assume the guise of a trusted friend, a department store where the victim made a recent purchase, or even a municipal authority, in order to acquire confidential information, such as credit card numbers or login credentials. This type of scam is usually executed through emails or online messaging services, though recent years have seen a marked increase in the number of telephone spear-phishing attacks carried out globally.
The number of cyber attack verctors is growing on a daily basis, with phishing, business email compromise, and social engineering at the head of the line. We safeguard your crucial systems against the growing number of threats facing them. Find out more...