January 28, 2012

3.2.10 Vishing & Spear Phishing

Vishing

Phishing carried out over Voice over IP (VoIP) is known as vishing; it is just an elevated form of social engineering.

Spear phishing

Spear phishing is a unique form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party.

In spear phishing, the attacker uses information that the target would be less likely to question because it appears to be coming from a trusted source. Because it appears far more likely to be a legitimate message, it cuts through the user's standard defenses like a spear and has a higher likelihood of being clicked.

With spear phishing, you might get a message that appears to be from your boss telling you that there is a problem with your direct deposit account and you need to access this HR link right now to correct it.

Spear phishing works because the attacker uses information that can be found about you from email databases, friends lists, and the like.

References:
CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney
