It can be tricky to keep up with the many types of phishing attacks and their terminology. For instance, there are different names for mobile attacks, postal attacks, and even threats sent via SMS, plus much more. So it is no wonder people get them confused and refer to whaling and spear phishing as regular phishing. To help clear up the confusion, we’ll outline the terms and the differences between the three.
What is a phishing attack?
Phishing is the umbrella term for different types of phishing attempts. Whaling, spear phishing, smishing and vishing all fall under the umbrella term “phishing”.
In a phishing attack, a cybercriminal wants you to log in to an imitation website. The website poses as a legitimate business such as a bank, parcel delivery or utility service.
First, the criminal tries to lure you there by way of a fake email, text message or another method. To lure you, the message will look like the real thing, and emails can include aspects of the real website.
The imitation website can include stolen images and text from the genuine website, in an attempt to trick you into giving up your logins, your payment details, or both.
Meanwhile, criminals may change your login details and block your access, depending on what they intend to do with your stolen accounts.
These are the top 10 examples of phishing emails, if you want to know more.
What is spear phishing?
Regular phishing emails and texts are poured out in their hundreds of thousands, in the hope that a few people will respond and give the criminals their payday. The more the merrier when it comes to regular phishing.
Spear phishing takes a more targeted approach, as the criminals are after specific people, whether private individuals or a certain person within a business. In general, the criminal’s motivation is financial, but targets can also include people in sensitive occupations such as legal services or human rights work.
What is whaling?
When it comes to phishing, whaling goes after the big fish: criminals target the most valuable people within a company or an organisation. In other words, whaling typically means targeting the CEO, CFO, or other people crucial to the running of a business. These individuals have access to funds and are deeply involved in everyday operations, for instance payment process authorisation.
A common scam is telling employees that the CEO/CFO needs large sums of money wired overseas. This is known as business email compromise. If you work in finance, for example in payroll, and your job involves money transfers, you need to watch out for bogus transfer requests. Most importantly, businesses need safeguards in place, in the form of processes, to combat CEO/CFO fraud attempts. However, spear phishing has been known to target employees outside of the finance area too, and those not on executive teams.