
What is spear phishing?

Posted by Michael Bloch in online world (Saturday December 27, 2008)

While the term has been around since at least 2006, I hadn’t heard it before and I guess that others haven’t either. So what is “spear phishing”?

Spear phishing, also known as whaling, is just a targeted form of phishing.

Normal phishing usually involves an email message with a link to the login interface of what appears to be a legitimate service the user is likely familiar with. The bogus interface collects the data, which the fraudster controlling it then uses in a variety of ways. Phishing attacks may also take the form of directing victims to a site where they are prompted to download malware and spyware, which then transmits login details to the fraudster. Normal phishing is more of a shotgun approach.

In spear phishing attempts, the phisher sends emails to employees of a company, appearing to come from a member of management or a co-worker at that company. As with a normal phishing scam, it is designed to trick you into divulging company passwords or other sensitive information. Unlike normal phishing, where the messages are quite generic, a spear phishing attack may use all sorts of relevant personal/business information in the email to bolster its legitimacy.

It certainly works – earlier this year, around 2,000 senior corporate executives fell for a spear phishing email masquerading as an official subpoena. The targets were directed to a web site that required an add-on to be installed in order to view the “subpoena”. The add-on was actually a key logger that transmitted log-in credentials back to the phisher.

So, how do you tell if an email is legitimate or not? Probably the most reliable way is to view the email’s header information and ensure the sending server is associated with the company or individual the email claims to be from. Another good safety precaution is to never follow an email link to a login interface; use your browser bookmarks instead, or go to the site and navigate from there.

You can learn how to view and interpret email headers here.
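The header check described above can be scripted. The following is an added example, not code from the original post: it compares the domain in the From line with the host that actually handed the message to your own mail server. The server name `mx.example.net`, the sample message and the Postfix-style Received layout are assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: the From line claims example.com, but the message was
# handed to our own server (assumed to be mx.example.net) by another host.
SAMPLE = """\
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org; dkim=none
Received: from mail.example.com (mailer.example.org [203.0.113.7])
\tby mx.example.net with ESMTP id abc123; Sat, 27 Dec 2008 10:00:00 +0000
Received: from mail.example.com (mail.example.com [198.51.100.9])
\tby mailer.example.org with SMTP; Sat, 27 Dec 2008 09:59:58 +0000
From: "Pat Manager" <pat@example.com>
To: staff@example.net
Subject: Urgent: confirm your password

Please log in at the link below.
"""

def domain_of(addr):
    return parseaddr(str(addr or ""))[1].rpartition("@")[2].lower()

def check_headers(raw, trusted_mx):
    """Return (claimed From domain, verified sending host, list of findings)."""
    msg = message_from_string(raw, policy=policy.default)
    claimed = domain_of(msg["From"])
    findings, handoff = [], None
    # Only the Received line written by our own server can be trusted; lines
    # below it, and the HELO name before the parentheses, come from the sender.
    # Assumes the Postfix-style layout "from HELO (rdns [ip]) by server".
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"from\s+\S+\s+\((\S+)\s+\[[^\]]+\]\)\s+by\s+(\S+)", str(rcvd))
        if m and m.group(2).lower() == trusted_mx:
            handoff = m.group(1).lower()
            break
    if handoff is None:
        findings.append("no Received line from the trusted server")
    elif handoff != claimed and not handoff.endswith("." + claimed):
        findings.append(f"sending server {handoff} is not under {claimed}")
    if domain_of(msg["Return-Path"]) != claimed:
        findings.append("Return-Path domain differs from From domain")
    # Authentication-Results counts only when stamped by our own server.
    dkim = re.compile(r"dkim=pass\b[^;]*header\.d=" + re.escape(claimed) + r"(?![\w.-])")
    stamped = [str(a) for a in msg.get_all("Authentication-Results", [])
               if str(a).split(";")[0].strip().lower() == trusted_mx]
    if not any(dkim.search(a) for a in stamped):
        findings.append("no passing DKIM signature for the From domain")
    return claimed, handoff, findings

if __name__ == "__main__":
    print(check_headers(SAMPLE, "mx.example.net"))
```

Mail that a company legitimately sends through a third-party provider will also trip the hostname check, so treat a finding as a reason to look closer rather than as proof of forgery.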

Trivia – The first recorded mention of phishing occurred on January 2, 1996.

