Phishing vs Spear-Phishing

Phishing is a homophone of fishing, and the metaphor of fishing (with a net) applies well to phishing. Phishing is where you send out an email to huge numbers of people, in the hope that a small number of them will be tricked by the email and enter some personal details that allow a hacker (really a cracker) to do something malicious, such as take money out of your bank account or steal your identity or passwords. So in this way, the hackers are casting a large net in the hope that they can catch a few fish (phish?).

Spear-Phishing is where a hacker spends time targeting a single person or organisation. They do a lot of research in order to massively increase their chances of tricking that person. The metaphor of using a spear to accurately catch a single fish is a good one here – it takes more skill to achieve this method. For example, a hacker might research a company’s current major project, work out who is associated with that project, and then somehow compromise that person, either through blackmail or trickery.

In some ways, phishing is more like stealing a wallet from a passer-by in a crowd, whereas spear-phishing is like planning a heist of a specific bank over several months. The latter takes far more skill.