Like Phishing, Spear-Phishing takes its name from Password Harvesting Fishing. It is a kind of e-mail fraud wherein the perpetrator sends out legitimate-looking e-mails, typically with links to fraudulent Web sites that appear to come from well known and trustworthy sources. Phishers attempt to gather personal and financial information from the recipient for purposes of identity theft. As the name implies, Spear-Phishing is a much more targeted and efficient approach to identity theft. It is a personal attack because the hackers know something about the recipients. When Spear-Phishing, criminals infer affiliations from search histories and send e-mails to known members of an institution. E-mail recipients are much more likely to be fooled by fraudulent sites if they have an affiliation with the institution whose site is being "spoofed." Approximately 19% of recipients respond to Spear-Phishing attacks. It's one of the most dangerous threats to Internet users. Targeted phishing attacks against known members or customers of a particular enterprise, typically those that are small to mid-sized. Spear-Phishing yields far higher returns than phishing, and relies on the membership/customer database being compromised. |