Products
Products
Awareness
Awareness
Cofense PhishMe
Cofense LMS
Detection
Detection
Cofense Reporter
Cofense Triage
Response
Response
Cofense Vision
Cofense PDC
Intelligence
Intelligence
Cofense Intelligence
Cofense Labs
Solutions
Solutions
Solutions by Industry
Solutions By Industry
Critical Infrastucture
Financial Services
US Federal Government
Healthcare
Higher Education
Legal & Professional Services
Manufacturing
Energy/Utilities
Technology
Retail
Solutions by Topic
Solutions by Topic
Incident Response
Security Awareness
Small Business
Compliance Resources
Election Security
Solutions by Role
Solutions by Role
Security Leadership
Incident Response
Threat Intelligence
Security Awareness
About Cofense
About Cofense
Our Company
Our Company
About Us
Events
Awards
Investors
Careers
News Center
Leadership
Leadership
Management Team
Board of Directors
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
Learn More
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
Free Tools
Free Tools
Build Resilience
Build Resilience
Cofense PhishMe Free
Cofense CBFree
Awareness Toolkit
Create Transparency
Create Transparency
CloudSeeker
Sextortion Lookup
Speed Response
Speed Response
Threat Alerts
Resources
Resources
Resource Library
Resource Library
All Resources
Whitepapers
Videos
Infographics
Webinars
Podcasts
Resources by Topic
Resource by Topic
Security Awareness
Ransomware
Sextortion
Community & News
Community & News
User Community
Blog
News & Press Releases
Request a Demo

Spear Phishing vs Phishing

Spear phishing is a phishing attempt thate tends to be more targeted than a normal phishing attack. Spear phishing could include a targeted attack against a specific individual or company.  Spear phishing is generally more dangerous than regular phishing because phishing emails are so much more believable when they are tailored to attach a specific individual. However, even spear phishing can be protected against by a comprehensive phishing awareness training.

Spear Phishing Example

Spear phishing emails are personalized to make them more believable. A spear phishing example might look something like this: An attacker knows that you use a particular type of software, such as Microsoft 365, so they send an email that looks like a notification that you need to update your password. The link you click on in the email goes to a page that looks a lot like your 365 login screen, but it is actually a fake url under the control of the attacker. By prompting you to enter your username and current password, the attacker has just gained access to your 365 account and can gather sensitive information or sabotage your company.
This attack wouldn’t work as well if it was sent to someone who doesn’t use Microsoft 365, but the specificity is what makes it dangerous. It is believable because it is exactly the kind of email that employees receive every day.

Spear Phishing And Whaling

Depending on how influential the individual is, this targeting could be considered whaling. Whale phishing, much like spear phishing is a targeted phishing attack. Whale phishing is aimed at wealthy, powerful, or influential individuals. Much like spear-phishing, successful attacks are usually aimed at a specific individual rather than an indiscriminate attack that is usually associated with a regular phishing attempt.
Whaling attacks are becoming increasingly common due to the “whale” generally having complete access to the sensitive or desired information.

Clone Phishing

Clone phishing is a little different than a typical phishing attempt. A clone phishing attack uses a legitimate or previously sent email that contains attachments or links. The clone is a near copy to the original where the attachments or links are replaced with malware or a virus. The email is typically spoofed to appear like it is being sent by the original sender and will claim it is a simple re-send.

Preventing Phishing Attacks of All Kinds

When comparing spear-phishing vs. phishing or anything else, prevention should be your business priority. Running a successful spear-phishing prevention campaign can improve your business’s chances of preventing a successful attack.

Gone Phishing: 2015 Global Malware Round Up Report
Cofense Metrics
Cofense Headquarters

1602 Village Market Blvd, SE #400
Leesburg, VA 20175
Tel: 1-888-304-9422

Sitemap
Copyright © 2020 Cofense. All rights reserved.

Privacy Policy | Legal

Under 500 employees?

Cofense PhishMe Free, our no-cost phishing defense solution, was created just for you!

Sign up for your free account