Class vs. mass – What distinguishes spear phishing from the conventional method?
Phishing attacks can also be differentiated by their target audience. In the case of spear phishing, cyber criminals deliberately deceive their victims with the intention of causing personal damage. In the “normal” attack tactic emails are automatically sent to a large number of people. In comparison, spear phishing attacks are targeted at a narrowly defined group of people or even individuals about whom the criminals have obtained precise information in advance.
One of the best-known forms of spear phishing is CEO fraud, in which hackers pose as someone with a leading position and thus influence business processes. In the case of automotive supplier Leoni, the cyber criminals were able to get hold of almost 40 million euros in 2016. The criminals are able to find useful information for their purposes from a wide variety of sources – from publicly accessible social media profiles and professional networks to the company website and personal exchanges, for example at trade fairs. You should, therefore, always be cautious when sharing internal company information as well as private information on the Internet.