Phishing, Spear Phishing and Whaling
Spear phishing aims to collect information about a specific organization or company. Using details available from news stories, press releases, LinkedIn, and other sources, an attacker crafts an email message. Spear phishing messages may appear to originate from a large or well-known company or website or from a coworker or a member of the management team. Spear phishers usually request user names and passwords, or ask victims to click a link that secretly installs drive-by downloads on their PCs. If one employee falls for this ploy, a spear phisher can impersonate that victim and ultimately obtain administrative passwords, bank account information, access to intellectual property, or other valuable data.
Whaling attacks target high-ranking executives at major organizations or other highly visible public figures.