Home > S > spear-phishing
« speako    Special K »
spear-phishing
pp. Phishing targeted at a specific person, usually by sending an e-mail message crafted to appear as though it was sent by someone known to the recipient. Also: spear phishing, spearphishing.
spear-phish v.
spear phish n.
spear-phisher n.

Example Citations:
More recently, however, a hybrid form of phishing, dubbed "spear-phishing," has emerged and raised alarms among the digital world's watchdogs. Spear-phishing is a distilled and potentially more potent version of phishing. That's because those behind the schemes bait their hooks for specific victims instead of casting a broad, ill-defined net across cyberspace hoping to catch throngs of unknown victims.

Spear-phishing, say security specialists, is much harder to detect than phishing. Bogus e-mail messages and Web sites not only look like near perfect replicas of communiqués from e-commerce companies like eBay or its PayPal service, banks or even a victim's employer, but are also targeted at people known to have an established relationship with the sender being mimicked.
—Timothy L. O'Brien, "Gone Spear-Phishin'," The New York Times, December 4, 2005

"After three unsuccessful attempts to access your account, your Online Profile has been locked. This has been done to secure your accounts and to protect your private information. You may unlock your profile by going to: ..."

Sounds like a normal phishing e-mail, right? But what if the e-mail seemed to come from the head of IT at your small business, warning about your company account? Would you click the link?

Today's phishers hope so. In fact, the excerpt above didn't appear in the usual global barrage of e-mail sent out to catch recipients with eBay or PayPal accounts. Instead, it went exclusively to students and faculty of the University of Kentucky as part of a directed, or "spear-phishing," attack against the small, 33,000-member university credit union this May.
—Erik Larkin, "Spear phishing," PC World, November 1, 2005

Earliest Citation:
The APWG is still reviewing and receiving proposals for this meeting. The working agenda for the meeting as of August 20, 2004 is as follows:

Spear Phishing: What Happens when Phishers optimize the “list-creation” aspect of phishing?
—"APWG September Meeting in Washington, DC," Anti-Phishing Working Group, August 20, 2004

Related Words:
419 scam
cramming
crimeware
dot con artist
identity theft
phishing
password trap
phone phishing
puddle phishing
scam baiting
smishing
targeted Trojan horse
vishing

Categories:
Communications
E-mail
Hacking and Hackers
Internet
Privacy and Security
Crime

Posted on December 5, 2005