Spear Phishing Clause Samples

Spear Phishing. Phishing has recently evolved into a kind of attack known as “spear phishing”, which is widely used in current SE attacks. It usually targets employees or members within an organization rather than system end-users. Spear phishing is characterized by the use of context-specific messages, based on specific knowledge of individuals and their organizations (including social- network information), which can deceive also individuals who would recognize a traditional phishing attack; spear phishing also uses more sophisticated techniques than in early generations of phishing scams [111][112][131]. This requires the attacker to spend time in understanding the target, with the aim of creating an effective spoofed email and phishing site [106]. Spear phishing is increasingly being used against high-level targets (aka “whaling”, [110]), and is responsible for some recent, high-profile corporate data breaches; accordingly, it has become a key part of the Advanced Persistent Threats (APTs) that companies and governments are facing today [106]. For instance, in 2011 notable attacks occurred against well-known security firms such as RSA, which resulted in further hacks against their client Lockheed ▇▇▇▇▇▇ [112].