When hackers target small and medium-sized businesses they are increasingly doing so in a more targeted way. Whereas phishing attacks cast a wide net hitting many potential targets, spear phishing gets more to the point.<\/p>\n
Spear phishing is an email scam that targets a smaller group or organization in a more targeted way. Its sole purpose is obtaining unauthorized access to sensitive data like intellectual property, trade or military secrets, financial data or personal data to use to blackmail.<\/p>\n
Just like in regular, broader-based and more scattershot phishing, it starts with an email arriving from an apparently trustworthy source. But it\u2019s not. Instead it leads the unknowing recipient to a fake website full of malware. Expect these emails to use clever, often emotionally-laden tactics to get attention and action. For example, many spear phishing attacks might pose as from the National Center for Missing and Exploited Children.<\/p>\n
Spear phishing attacks employ very specific, individually-defined approaches and techniques to personalize messages and websites. Often high-ranking targets and top executives get hooked, providing cyber criminals with top-level access to sensitive company information and networks. With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial of service attacks.<\/p>\n