Phishing, Spear Phishing and Whaling

General phishing attacks target populations with specific types of accounts. These might be individuals with Yahoo or Gmail email accounts or individuals who bank at Zenith Bank.

Spear phishing aims to collect information about a specific organization or company. Using details available from news stories, press releases, LinkedIn, and other sources, an attacker crafts an email message. Spear phishing messages may appear to originate from a large or well-known company or website or from a coworker or a member of the management team. Spear phishers usually request user names and passwords, or ask victims to click a link that secretly installs drive-by downloads on their PCs. If one employee falls for this ploy, a spear phisher can impersonate that victim and ultimately obtain administrative passwords, bank account information, access to intellectual property, or other valuable data.

Whaling attacks target high-ranking executives at major organizations or other highly visible public figures.