The term phishing refers to an attempt to acquire sensitive information such as user names, passwords and credit card details.  Phishing is typically carried out by e-mail or instant messaging.  It often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Spear phishing is a more targeted form of phishing that is aimed at a specific organization and seeks unauthorized access to confidential data.  The apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority.

Typically, the spear phisher will obtain the email address of someone in the company, such as someone in management or the network administrator.  Emails are then sent to people in the company, purporting to be from this person.  These emails typically ask for user names and passwords, or ask you to click on a link that downloads spyware or a virus.

The success of phishing lies in the email appearing to come from a person the recipient knows and trusts.  The body of the email is crafted to support the validity of the request.  So, even though an email claims to be from your network administrator, you need to verify that it is authentic before you divulge any confidential information.
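
One way a mail administrator can support that verification is to compare the headers of a message that claims an internal sender. The following is an added example, not part of the original article; the domain `example.com`, the sample messages and the choice of headers to compare are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's own mail domain

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message, internal_domain=INTERNAL_DOMAIN):
    """List reasons a message that claims an internal sender looks forged."""
    msg = message_from_string(raw_message)
    if domain_of(msg.get("From")) != internal_domain:
        return []  # does not claim to be internal; outside this check
    reasons = []
    # Bounce address and reply address should stay inside the organization.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != internal_domain:
            reasons.append(f"{header} domain {dom} is not {internal_domain}")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            reasons.append(f"{mech.upper()} check failed")
    return reasons

# Constructed sample messages (not real mail).
FORGED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.com; spf=fail "
    "smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail\n"
    'From: "Network Administrator" <admin@example.com>\n'
    "Reply-To: admin@example-support.test\n"
    "Subject: Password verification required\n\n"
    "Please reply with your user name and password.\n"
)
GENUINE = (
    "Return-Path: <admin@example.com>\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Network Administrator" <admin@example.com>\n'
    "Subject: Maintenance window on Friday\n\n"
    "The file server will be offline from 18:00.\n"
)

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, spoof_indicators(raw))
```

A clean result does not prove a message is genuine, since a compromised internal mailbox passes all of these checks; confirming an unusual request through a separate channel is still needed.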

