this post was submitted on 07 Sep 2023
988 points (99.0% liked)
Technology
59605 readers
3385 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm sorry, this is the first time I'm hearing the term spear-phish and I love it. It's hilarious.
It refers to targeting phishing attacks. With traditional phishing, scammers simply cast an ultra wide net and catch whichever one’s happen to respond. They don’t really care who it is, because they’re playing a numbers game. Even if only 0.1% of people respond, sending out a thousand phishing emails means you still got a response.
But with spear phishing, it’s a targeted attack. They’ll call you at your desk with a spoofed work number, and pretend to be the CEO’s assistant. The CEO needs you to go buy gift cards for a big sales event coming up. Don’t worry, it can all be expensed later, but he needs the cards now and doesn’t have time to deal with vendors and purchase orders. And now you’re reading gift card numbers to a scammer, because they knew enough about your workplace to be able to reasonably impersonate the CEO’s assistant.
It can also be used to refer to targeted attacks against company leaders or notable figures. Maybe someone has a fat crypto wallet, so someone targets them. Or maybe they try to trick the CEO into giving away a trade secret. Regardless of the reasons, the attack is still the same basic principle; Find a target, meticulously research them enough to be able to fool them, then attack. Most people will be good at avoiding regular phishing. But very few people are prepared for a coordinated and laser-guided spear phishing attack.
Thank you for the realistic depiction of how it can happen.