What is the difference between spear phishing and phishing

Request a Demo. Why Tessian? Request a Demo of Tessian Today. Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day.

Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance. Subscribe to our blog. Industry insights, straight to your inbox every week.

Spear Phishing. This is a summary of the similarities and differences between phishing and spear phishing. Think of it this way: Phishing is like catching fish using a line — you cast your rod into the water and see what bites. With spear phishing, you choose the fish you want and aim the spear right at it. Jump to What is phishing? What is spear phishing?

Phishing vs. This is an example of a bulk phishing email. In this case, the attacker is impersonating Netflix. This is an example of a targeted spear phishing attack. In this case, the attacker is impersonating the target's colleague. Spear phishing succeeds through more sophisticated methods : send one fraudulent email containing personal information to a specific individual. Looking for more resrouces? We explore phishing, spear phishing, and other social engineering attacks in greater detail in the following articles: Phishing What is Phishing?

The spear-phishing attack may be an early stage in a multi-stage advanced persistent threat APT attack that will execute binary downloads, outbound malware communications and data exfiltration in future stages.

One example of bait is an email that looks like a message from Human Resources asking the employee to log in to the HR portal to update password information. When the employee clicks on the link provided in the email, the resulting webpage looks like the HR portal but is actually a mock-up. When the employee attempts to log in to the fake page, their login credentials are captured by the criminals behind the attack.

Those credentials will then be used by the attacker to access the network. Whaling attacks target one person, typically a highly placed executive , in order to steal money or gain sensitive information. Whaling attacks are used to conduct business email compromise BEC attacks, in which the ultimate goal is wire fraud. In these attacks, an executive with financial approval authority may receive an email from a C-level executive asking them to urgently transfer a large amount of money to cover a vendor payment or similar obligation.

BEC scams are a billion-dollar enterprise, and the amounts lost in a single transaction can be in the millions. Please take care of it right away. Here are the wiring instructions.

This is a form of business email compromise that happens more often than you might suspect. Spear phishing attacks are at the heart of many of the most serious, and expensive, data breaches. Email filters can stop large-scale phishing emails that contain known phishing URLs. Similarly, if an email contains an attachment with a known signature, a traditional email filter will catch it. However, if a phishing URL is an unknown threat, or if you get a personalized email from Bob that contains no URL or attachment, they will invariably slide right through most filters.

Thus, phishing, and especially spear phishing, comprise a dangerous but highly effective attack vector. Defense is possible, however. Phishing awareness training , for example, can help users learn to spot a phishing or spear phishing email. In addition, solutions like Vade Secure leverage artificial intelligence , including machine learning, to identify malicious emails, URLs, and attachments, as well as attempts to spoof the identity of colleagues and business acquaintances.

This article was originally published in and has been updated with new content. Not long ago, phishing was primarily aimed at