Dictionary, Encyclopedia and Thesaurus - The Free Dictionary
phishing
Pronounced "fishing," phishing is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," it works by sending potential victims an official-looking e-mail that pretends to be from their bank or retail establishment. E-mails can be sent to people on selected lists or on any list, in the expectation that some percentage of recipients will actually have an account with the organization.

E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Instead of sending the user to a Web page, the message may ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.

The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization whom everyone knows, such as the head of human resources. It could also come from someone not known by name, but with a title of authority, such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.

(security) phishing - ("brand spoofing", "carding", after "fishing") /fishing/ Sending e-mail that claims to be from some well-known organisation, e.g. a bank, to trick the recipient into revealing information for use in identity theft. The user is told to visit a web site where they are asked to enter information such as passwords, credit card details, social security or bank account numbers. The web site usually looks like it belongs to the organisation in question and may silently redirect the user to the real web site after collecting their data.

For example, a scam started in 2003 claimed that the user's eBay account would be suspended unless he updated his credit card information on a given web site.


References in periodicals archive
Rob Lee, a digital investigations expert who works at Mandiant, said Tuesday on a conference call that all of the intrusions his company now investigates -- about 40 large-scale breaches per year -- either are perpetrated by a client-side exploit launched through a spear phishing email or through an SQL injection attack, in which hackers exploit a vulnerability on a company's public-facing website.
Spear phishing involves sending targeted e-mails to specific customers of a single company in the hopes of snaring a gullible victim before the attack can be detected, rather than blasting millions of e-mail messages that may not even reach actual customers of an institution.
Spear phishing - attacks which target specific individuals or organizations - also developed yet another angle, this time in the form of an email that claimed to be a court summons for the United States District Court, for the recipient to appear before a Grand Jury.
 
 
 
Copyright © 2012 Farlex, Inc.