Spear phishing is the use of spoof emails to persuade people within a company to reveal their usernames and passwords.
Unlike phishing, which involves mass-mailing, spear phishing is small-scale and well-targeted. The spear phisher mails users in a single business. The emails appear to come from another member of staff at the same company and ask you to confi rm a username and password. A common tactic is to pretend to be from a trusted department that might plausibly need such details, such as IT or Human Resources. Sometimes you are redirected to a bogus version of the company website or intranet. When you reply, the phisher takes the details and misuses them.
The spear phisher can easily generate the victims’ addresses by using spammers’ software that combines given names and family names, for example. He or she also needs to send emails to only a single domain, which makes it less likely that the email will be detected as spam.
Sophos.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment