The IT Law Wiki



Definition

Spear-phishing is “impersonating a company employee/employer via e-mail to steal colleagues’ passwords/usernames and gain access to the company’s computer system.”[1]

“Spearphishing” is commonly used to refer to any targeted e-mail attack, not limited to phishing.

Overview

The entity’s website and other public information are reviewed to obtain the email addresses of employees and clients. The phisher then uses the information gathered from the website to craft its own emails, and sometimes a website, that copies the design of the legitimate institution. The more closely a phisher is able to mimic the look and feel of a particular institution, the more difficult it is for the victim to determine whether a particular communication is genuine. Once a phisher has established the trust of a victim, personal and financial information is requested. Some scams even pretend there is a problem with the victim’s account and ask the victim to "log in" to that account, only for the credentials to be captured by the criminal.

As a general practice, large companies do not request personal information by email, so any email that requests such information should be treated with caution. Additionally, slight, hardly noticeable spelling errors in the "from" field of an email are a strong indicator of a phishing communication. Phishing emails are frequently sent supposedly from Blizzard Entertainment requesting login information from individuals with "World of Warcraft" accounts; an observant person will notice, however, that these emails usually come from "Blizzad" or "Blizzand" rather than "Blizzard."
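The "from" field check described above can be automated by measuring how many character edits separate the sender's domain from a trusted one. This is an added example, not code from the wiki or from any vendor; the trusted-domain list and the sample headers are constructed for illustration.

```python
import re

# Constructed list of trusted domains for this example; in practice this would be
# the organisation's own domain(s) and those of key partners (assumption).
TRUSTED_DOMAINS = {"blizzard.com", "example-bank.com"}

def levenshtein(a: str, b: str) -> int:
    """Edit distance: single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: header such as
    'Blizzard Support <support@blizzad.com>' or a bare address."""
    m = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", from_header)
    return m.group(1).lower() if m else ""

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header.
    'lookalike' means the domain is within max_dist edits of a trusted domain
    without being that domain: the 'Blizzad' / 'Blizzand' pattern."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if domain in trusted:
        return "trusted"
    for good in trusted:
        if 0 < levenshtein(domain, good) <= max_dist:
            return "lookalike"
    return "unknown"

# Constructed sample headers (not real mail) to exercise the check.
SAMPLE_HEADERS = [
    "Blizzard Support <noreply@blizzard.com>",
    "Blizzard Support <support@blizzad.com>",
    "Account Team <billing@blizzand.com>",
    "newsletter@unrelated-site.org",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(f"{classify_sender(h):9s}  {h}")
```

A mail gateway would typically quarantine or banner the "lookalike" verdicts while leaving "trusted" and "unknown" to other controls such as SPF/DKIM checks.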

References

  1. OECD, Online Identity Theft 8 (2009).
