Phishing vs Spear Phishing: What’s The Difference? (Plain English)

What’s the difference between phishing and spear phishing?
Phishing is the more generic attack: emails or messages sent to large groups. Spear phishing, on the other hand, is highly targeted and goes after a single individual or a small group of team members within a company. Spear phishing attacks are more sophisticated and seek a particular outcome.

Whatever kind of phishing attack you discuss, the attacker’s goal is the same.
They want the target to click a link, download a file, enter credentials, provide information, or take some other detrimental action.
Criminals have come up with a myriad of schemes to accomplish this.

Traditional Phishing

Phishing is actually the more general term that refers to any kind of malicious email or messaging that tries to get an individual to take detrimental actions.
As previously mentioned, phishing attacks are usually sent out to many more people than a spear phishing attack.

The attacker simply sends the phishing email to a list of addresses they have obtained and hopes that someone falls for it.

Fortunately, more people now recognize these mass emails and avoid them.

So, when an attacker is targeting a specific company, they usually use spear phishing and go after a select group of individuals.

Targeting fewer people also helps them avoid being caught.

These spear phishing emails are well-planned to look legitimate.

They may ask the victim to open a file or log into a portal somewhere.

Over the last few years, we have seen more sophisticated attackers using spear phishing with great success.

By now, you should understand the basic premise of phishing.
So, let’s look at some of the unique characteristics of spear phishing attacks.

Common characteristics of spear phishing attack messages

Creating emotion

People typically respond out of logic or emotion.

Phishing emails usually try to trigger an emotional response rather than a logical one.

People can make bad choices when responding out of emotion.

This is something to look for in spear phishing emails.

They usually evoke some kind of subtle emotion.

Common emotions are fear, excitement, authority, sympathy, and ego stroking.

Come from a trusted “sender”

Links and attachments

Quick Spear Phishing Case Study

1) Planning

2) Attack Setup

3) The Attack

How to Protect From Spear Phishing (or Phishing)

What can you do to protect yourself from spear phishing?

The best way to protect yourself and your organization from spear phishing attacks is to train your employees to identify and report them. Attackers will constantly morph their attack methods, but if your employees are trained well, they will stop the majority of spear phishing emails.

Security awareness training

Email authentication

Out of band verification