Wednesday, January 13, 2016

Spear phishing and whaling

Spear phishing is an attempt to target a specific organisation with phishing.

Ordinary phishing is spread in bulk and is usually quite easily recognized as a phishing attempt; it's obviously aimed at the "more naïve" internet user ...

Spear phishers, on the other hand, will for example trick employees into installing trojans by pretending to be from the ICT department.

Whaling is a more specific type of spear phishing, where members of upper management are targeted. The attacker spends some time on social media to find out more about the victim (colleagues, business partners, ...) to make the phishing attempt more convincing.
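
As an added example (not part of the original post), here is a defender-side heuristic in Python that flags inbound mail with the traits described above: a trusted internal name, such as the ICT department or a senior manager, shown on an external address. The domain `corp.example`, the protected names and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed placeholders: the organisation's mail domain and the display names
# worth protecting (service desks, upper management).
ORG_DOMAIN = "corp.example"
PROTECTED_NAMES = {"ict department", "ict helpdesk", "jane doe"}


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def impersonation_findings(raw, org_domain=ORG_DOMAIN, protected=PROTECTED_NAMES):
    """Return reasons why an inbound message looks like internal impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    findings = []
    if from_dom == org_domain:
        return findings  # internal sender; SPF/DKIM/DMARC are out of scope here
    # 1. Trusted internal name shown to the reader, external address behind it.
    if " ".join(name.lower().split()) in protected:
        findings.append("protected display name from external domain")
    # 2. Sender domain that is nearly, but not exactly, the organisation's.
    if difflib.SequenceMatcher(None, from_dom, org_domain).ratio() >= 0.85:
        findings.append("lookalike sender domain")
    # 3. Replies diverted to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        findings.append("Reply-To domain differs from From domain")
    return findings


# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "ICT Department" <support@c0rp.example>\n'
    "Reply-To: helpdesk@mailbox.invalid\n"
    "Subject: Mandatory security update\n\n"
    "Please install the attached update today.\n"
)
NEWSLETTER = 'From: "Weekly Digest" <news@digest.example>\nSubject: News\n\nHello.\n'

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("newsletter", NEWSLETTER)):
        print(label, impersonation_findings(raw))
```

A hit from this heuristic is a reason to quarantine or banner the message for review; it complements sender authentication rather than replacing it.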

It's probably a good idea (as LinkedIn already suggests) to only add people you know to your contacts/friends/...

Spear phishing success rates are quite high but often aren't publicly disclosed for obvious reasons.

