What's Make Spear Phishing Different From Plain Old Phishing And Whaling ?


Spear Phising

Just likes the old phising, Spear phishing is spoofing attack that work on email, has a specific organization or individual as target, and looking for unauthorized access for sensitive information. Spear phishing attacks is not initiated just by random hackers, but usually organized by someone for some financial gain, secret trade or even military information.

Different from regular phishing attacks that used spam email, spear phishing messages come from a  trusted traffic source. Phishing messages usually more likely to come from a trusted and well-known website or maybe company with a major membership base, as well as Google, Yahoo, MasterCard, or PayPal. 

The U.S. Department of Homeland Security and the FBI has detailed how some malicious hackers targeted a political party (the Democratic National Committee) in 2016. Those hackers used spear phishing to do that attack. 



But what spear phishing really is? 

You've probably heard of it. But all of the phishing scheme would try to deceive peoples to sharing sensitive information, such as credit card information or maybe Social Security number. Phishing attempts might be general and put a massive net across any possible potential targets.

Spear phishing is another type of phishing that depend on a more focused advent. A malicious perpetrator will target some specific groups of people, like particular company or, members of some political organization. Spear phishers filter their relevant messaging that fit their targets to increase the opportunity to obtain hits. With ordinary phishing, hackers can't get a target with specific language since they are trying to cast such a large and wide net. But with spear phishing, hackers can attemps attack into intended targets by some specification.



How does spear phishing work?

The perpetrator gather many specific data and information from social media about their potential targets, such as profession, relationships, and many other personal information. The perpetrators use these data to create a customized message that seem authentic to ensure targets to reply to the sender’s messages. Perpetrators may ask the user to reply directly to the messages that contain a malicious link or even attachment that automatically insert malware on the target's device by installation, or maybe directs the target to a fake website that is set up to fool them into divulge some sensitive and personal information such as passwords, or private and credit card information.



Whaling, Another variant of Spear Phising

There's one more variant of spear phishing that called whaling. Whaling is a massive attack that directly targeting high-level important officials and executives as well. This kind of attack can be customized to create the best opportunity for a hit. Whaling goals is the same as phishing and spear phishing, the perpetrators wants to ensure the targets to divulge some organization confidential or secret information.



How does whaling works ?

The attackers may send their potential target an email that seems to be an email from a trusted source (such as big company or websites). Most whaling campaigns contains a customized malicious website link that has been created especially for the attack, and then redirect targets to that website. From that actions, the perpetrators can start to collect the target's information.


The Difference : Spear phishing vs. ordinary phishing vs. whaling

As we know, spear phishing has the same goal just likes ordinary phishing does, but spear phishing attempt are more targeted. While ordinary phishing sent emails to massive amount of people, spear phishing sent emails to a specific group of people or an individual target. By limiting its target scale, it's easier for spear phising to insert personal information from targets. The example is like the target's first name, job, and even relationship, and make the targets trusted the malicious emails.

The same customized method is also used in whaling. A whaling phising attack is like a spear-phishing attack, but directed into high-profile targets just like executives, celebrities, and politicians. Whaling are also personalized to the target and use some kind of email and content spoofing technique for gather some sensitive data.


No comments for "What's Make Spear Phishing Different From Plain Old Phishing And Whaling ?"