There are a lot of forms of cyber attacks these days. One of the most common ones comes in the form of email attacks, such as phishing and spear phishing.


Similar to “fishing,” this kind of cyber attack is when someone tries to lure a victim into clicking on a malicious link or attachment via email. However, the difference between spear phishing and phishing lies in how the victim is targeted. Phishing is non-specific, while spear phishing targets one specific individual.


Phishing vs. Spear Phishing

Let’s start with phishing. This form of cyber attack is sent to random recipients with the expectation that a few people will respond. On the other hand, spear phishing is targeted at a single person using information gathered from online sources. In this type of attack, the attacker will use a personalised bait to lure a person.


How Phishing and Spear Phishing Work

Phishing involves automated off-the-shelf kits to gain credentials through fake login pages for banking or email services. These can be used to spread malware. The most standard form of phishing requires less effort than spear phishing, and it is most common.


Spear phishing uses malicious documents attached to the email. Today, these documents are now placed on legitimate sites, such as Google Drive, OneDrive, or DropBox, as these are sites that will less likely be blocked by the IT department.


The use of online sources, like social media, can inform an attacker about the hierarchy of job descriptions of people in a company as well as personal insights into the target’s life. This information will provide the attacker with a detailed picture of how to form the best attack.


Are You at Risk?

There are certain people who are at a higher risk for this form of cyberattack. CEOs, for one, are at a higher risk of being impersonated as well as executives. Human resource departments may also be vulnerable to these types of attacks and also, attackers may disguise themselves as suppliers.


How to Avoid the Bait

You can avoid phishing and spear phishing baits by training your employees to know how to spot potential phishing emails. You should also always check the spelling of the sender’s email because it is often spoofed to look like a legit domain.


Pay close attention to the wording and terminology of the email and use spam filters, malware detection, and antivirus on all devices. It’s also crucial to have a system for all phishing attacks to be reported to warn other people in the company.


Stop Phishing Attacks Now

Although phishing attacks may be challenging to stop, they can still be avoided. Now that you know the two forms of online phishing attacks today, your awareness will allow you to easily  spot a bait, which will help you prevent it from wreaking havoc on your company or your personal life. It is important you stay informed in keeping your cyberspace safe and secure as every day, there seem to be new attacks happening all over the internet.


FraudWatch International offers reliable online brand protection in Australia. Let us help you stay safe online. Contact us today!