Phishing, as the name suggests, involves trying to catch a specific fish. A phishing email includes information specific to the recipient to convince them to take the action the attacker wants them to take. This starts with the recipient’s name and may include information about their work or personal life that attackers can obtain from various sources.
Whaling is a form of phishing aimed especially at the really big fish—think CEOs, board members, celebrities, politicians, etc.
How phishing attacks work
Phishing attacks don’t just happen out of sight. Here’s a look at the specific steps in a spear phishing attack.
Entry. Like most attacks, phishing often begins by compromising an email or messaging system in other ways—through standard phishing, for example, or by compromising the email infrastructure. Once inside the system, the attacker can move on to the next step: awareness.
Awareness. How attackers obtain the personal information they need to create their emails is an important part of phishing, as the entire attack process depends on the messages being credible to the recipient.
After gaining access to the system, the attacker “stays on the network for a while to monitor and track interesting conversations,” explains Ori Arbel, CTO of CYREBRO, a Tel Aviv-based security platform provider. “When the time is right, they email the target using credible context with insider information, such as bringing up past conversations or referencing specific amounts of previous money transfers.”