Corporate Spear Phishing

Article by Victoria Roddel
Edited & published by Paul Pardi on May 4, 2009

Phishing scam artists who target wealthy individuals are engaged in whaling, or spear phishing. Recognize and avoid these invasions of your personal and financial information.

Spear phishing, or whaling, is a phishing scam targeted at persons with a greater than average net worth. The person targeted can be a government official or a corporate executive of a financial institution or a Fortune 500 company. These phishing scams differ from the phishing scams received by random email account holders because they target their victims individually. By including personal details that give the impression the phisher knows more than the email actually states, the phisher can dupe the wealthy recipient into clicking on an email link that installs malware, or into voluntarily revealing their home address, phone number or banking information.

One example of spear phishing is the official-looking court subpoena (with correct and verifiable information of the court included) that can be received through email with a link in the body. This link can install malware that allows the sender to take control of the computer and log everything typed or viewed including passwords and banking information. Remember, no official correspondence is delivered through email.

Phishers can collect basic personal information of wealthy corporate executives from the corporate email roster, from out-of-office reply information or from business networking communities. The information posted at these websites is just as available to any internet user as information posted at a social networking community website. Members regularly display birth dates, e-mail addresses, job titles, the name and address of the company they work for, the general vicinity where they live and information about work colleagues.

Many users of both social- and business-networking websites don’t seem to understand three important features: the number of people who can view their personal profile is potentially unlimited, information posted can be viewed and then used for any purpose the viewer imagines, and a person met online isn’t necessarily a friend. It is possible for one person to have thousands of online friends at an online community. But a handful of the online people you are socializing or conducting business with may just be manipulating you. They may try to gain your trust so you will reveal corporate secrets or personally marketable information. When you’re online, there really isn’t an absolute way to determine whether a person is who they claim to be. Employers can use training and software to help prevent phishing. So every internet user, regardless of social or economic status, must be aware of and avoid phishing scams, whether they arrive in email or through the very nice online friend. To recognize what all scams have in common, read this article.