What is Spear Phishing?
- Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business.
- It is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.
- Spear-phishing can also trick people into downloading malware or other malicious code when they click on links or open attachments provided in messages.
How is it done?
- This is achieved by acquiring personal details about the victim, such as their friends, hometown, employer, locations they frequent, and what they have recently bought online.
- The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging.
Spear-Phishing vs. Phishing
- Spear-phishing can easily be confused with phishing because they are both online attacks on users that aim to acquire confidential information.
- Phishing is a broader term for any attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons.
- The attackers often disguise themselves as a trustworthy entity and make contact with their target via email, social media, phone calls (often called “vishing” for voice-phishing), and even text messages (often called “smishing” for SMS-phishing).
- Unlike spear-phishing attacks, phishing attacks are not personalized to their victims, and are usually sent to masses of people at the same time.
- Spear-phishing attacks target a specific victim, and messages are modified to specifically address that victim, purportedly coming from an entity that they are familiar with and containing personal information.
- Spear-phishing requires more thought and time to achieve than phishing.
- Spear-phishing attackers try to obtain as much personal information about their victims as possible to make the emails that they send look legitimate and to increase their chance of fooling recipients.
- Because of the personal level of these emails, it is more difficult to identify spear-phishing attacks than to identify phishing attacks conducted at a wide scale.
- This is why spear-phishing attacks are becoming more prevalent.
Why in News?
- Twitter Inc, whose internal systems were breached recently, said the incident targeted a small number of employees through a phone “spear-phishing” attack.
- Previously, a series of high-profile Twitter accounts were hacked and used to dupe other users into transferring digital currency (bitcoin) to the hackers’ account.
News in Detail
- The attackers targeted specific employees who had access to account support tools.
- Hackers accessed Twitter’s internal systems on July 15 to hijack some of the platform’s top voices, including U.S. presidential candidate Joe Biden, former U.S. President Barack Obama and billionaire Elon Musk, and used them to solicit digital currency.
- Publicly available blockchain records show the apparent scammers received more than $1,00,000 worth of cryptocurrency.