Spear phishing is an email targeted at a specific individual or department within an
organization that appears to be from a trusted source. In reality, it is sent by
cybercriminals attempting to steal confidential information.
By contrast, in untargeted phishing the same email is sent to millions of users with a
request to fill in personal details. The phishers then use these details for their
illegal activities. Most of the messages carry an urgent note that requires the user to
enter credentials to update account information, change details, or verify accounts.
- Vishing is the phone version of email phishing and uses automated voice
messages to steal confidential information.
- These attacks try to trick an employee into giving out confidential information
via a phone call.
- Vishing attacks use a spoofed caller ID, which can make the attack look like it
comes from either a known number or perhaps an 800-number that might cause
the employee to pick up the phone.
- Vishing often uses VoIP technology to make the calls.
- Vishing attacks can be aimed at all employees, or at employees who mainly deal
with people outside the organization. Departments like the help desk,
PR, Sales, and HR are good to include in vishing security tests.
Smishing is phishing conducted via Short Message Service (SMS), a telephone-based text
messaging service. A smishing text, for example, attempts to entice a victim
into revealing personal information via a link that leads to a phishing website.