The most dangerous type of phishing is spear phishing. Unlike generic, template-based attacks, spear phishing involves gathering information about the target in order to tailor the phishing message to increase its likelihood of success.
A spear-phishing attack begins with the cybercriminal gathering information about the target, then using that information to establish a connection, and finally using that connection to force the target to perform an action.
Step 1: The Information (Bait)
Preparing the bait is the first of three steps in a phishing attack. This entails learning details about the target, which can be as simple as knowing that they use a specific service or work at a specific business. This is one of the reasons why data breaches involving non sensitive information can be so dangerous: if a service leaks a list of its users’ email addresses, criminals will be able to determine that all of the owners of those email addresses use that service and can target them with emails posing as from that service.
Step 2: The Promise (Hook)
Once the attacker has gathered the necessary information to use as bait, they must set the hook. To actually make the target perform an action, the attacker must make a promise or scare them into action.
Step 3: Launching the Attack (Catch)
The actual attack is the third stage of phishing. The cybercriminal sends out the email and waits for the prey to bite.
The nature of the scam will determine the attacker’s next move. For example, if they used a landing page to obtain the victim’s email password, they can then log in to the victim’s email account to gather more information and begin sending phishing emails to the victim. Contact Cegura Technologies right away to learn more about our services!
