About Cofense
About Cofense
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Spear Phishing vs. Phishing, Whaling, and Cloning

Spear phishing is a phishing attempt that tends to be more targeted than a normal phishing attack. Spear phishing could include a targeted attack against a specific individual or company. Spear phishing is generally more dangerous than regular phishing because phishing emails are so much more believable when they are tailored to attach a specific individual. However, even spear phishing can be protected against by a comprehensive phishing awareness training.

Spear Phishing Example

Spear phishing emails are personalized to make them more believable. A spear phishing example might look something like this: An attacker knows that you use a particular type of software, such as Microsoft 365, so they send an email that looks like a notification that you need to update your password. The link you click on in the email goes to a page that looks a lot like your 365 login screen, but it is actually a fake url under the control of the attacker. By prompting you to enter your username and current password, the attacker has just gained access to your 365 account and can gather sensitive information or sabotage your company.

This attack wouldn’t work as well if it was sent to someone who doesn’t use Microsoft 365, but the specificity is what makes it dangerous. It is believable because it is exactly the kind of email that employees receive every day.

Q2 2022 Phishing Review

The Cofense Intelligence™ team analyzes millions of emails and malware samples to understand the phishing landscape.

Read More

Angler Phishing

The demands of social media have created a host of new dangers for organizations active across the many distinct social platforms. Hackers now seek out dissatisfied customers of financial institutions and other similar business, create fake social media profiles to appear as customer services representatives and then direct unhappy customers to hacker-controlled websites where they attempt to acquire login credentials and security information for future use. Outside of credential harvesting, hackers are now delivering malware through targeted links that their victims believe will help them resolve their specific issue. The best way for users and organizations to protect themselves is to always verify that the social media account you are interacting with is authentic and if you are at all unsure contact the company directly instead of through social media.

Executive Phishing

Executive phishing is similar to a whaling phishing attack in that it can often target an executive or high-level employee employed by a company or organization, however this doesn’t have to be the case. Executive phishing has the attacker pose as an executive and target a specific employee or group of employees working within the same group. This is an extremely targeted attack and requires that the attacker do targeted research and or have inside information that would allow them the information they needed to successfully fool their victim or victims. The best way to prevent this type of phishing attack is to always have your teams verify payment or credential requests as these are the two most common targets for hackers.

Spear Phishing And Whaling

Depending on how influential the individual is, this targeting could be considered whaling. Whale phishing, much like spear phishing is a targeted phishing attack. Whale phishing is aimed at wealthy, powerful, or influential individuals. Much like spear-phishing, successful attacks are usually aimed at a specific individual rather than an indiscriminate attack that is usually associated with a regular phishing attempt. Whaling attacks are becoming increasingly common due to the “whale” generally having complete access to the sensitive or desired information. Cybercriminals often target the boss – or the whale — rather than someone lower down in the chain of command because the whale can access information and resources that no other employee can reach.

Barrel Phishing or Double-Barrel Spear Phishing

This type of phishing varies from most spear phishing because these attackers use a two-pronged approach to trick their targets, whereas spear phishing usually involves a single email to a specific person. Barrel phishing often involves two emails; the first one is usually safe, and intended to establish trust. The second email, which may be cast as a follow-up, contains a malicious link or attachment with an innocent-seeming request. For example, message 1 might say, “Hi. I have a question.” The second email then might say something like, “Me, again. Would you check this file for errors? It’s important.” Engaging with the link or attachment leads to credential theft, a malware infection or other type breach.

Clone Phishing or Cloning

While spear phishing and whaling are harmful, clone phishing is a bit of a game changer. Clone phishing is a little different than a typical phishing attempt. A clone phishing attack uses a legitimate or previously sent email that contains attachments or links. The clone is a near copy to the original where the attachments or links are replaced with malware or a virus. The email is typically spoofed to appear like it is being sent by the original sender and will claim it is a simple re-send. What’s worse, the email is sent out to a large number of recipients and the attacker just waits for the victims who click it. When a victim succumbs to the cloned email, the attacker forwards the same forged email to the contacts from the victim’s inbox. This type of attack is considered the most harmful because it is hard for victims to suspect a spoofed email.

Vishing and Smishing

Vishing (voice phishing), involves using a phone to trick victims into handing over sensitive information, rather than an email. In a vishing attack, the threat actors call their target and use social engineering tactics to manipulate them into providing credential or financial information. Tactics often involve, like a lot of phishing attacks, a deadline or time limit to create a sense of urgency or impersonating someone with authority in order to make the user feel like they have no choice but to hand over information. Smishing is a closely related phishing attack that also uses phone numbers. But instead of voice mail, smishing uses text messages to trick users. These messages could contain a phone number for a targeted user to call or a link to an attacker-controlled website hosting malware or a phishing page. Victims tend to trust text messages more than a suspicious email. But, it’s more challenging to identify a vishing attack than a phishing and smishing attack.

Teach users to identify real phish.

Discover how Cofense PhishMe educates users on the real phishing tactics your company faces.

Get a Demo

Preventing Phishing Attacks of All Kinds

When comparing spear-phishing vs. phishing, speed phishing or anything else, prevention should be your business priority. Running a successful spear-phishing prevention campaign can improve your business’s chances of preventing a successful attack.

Frequently Asked Questions

Is spear phishing the same as phishing?

Spear phishing is a type of phishing that targets a specific person or team. Lures are carefully developed to be of particular interest and relevance to the target. Attackers invest more time and effort into spear phishing to achieve the desired criminal outcome. This makes spear-phishing campaigns particularly serious.

Are there different types of spear phishing?

Spear phishing may vary in method and objective. Common types of targeted phishing campaigns include whaling, cloning (or clone phishing), vishing and smishing. Whaling targets a “whale,” someone who is wealthy, powerful or influential. Monetary return or reputational damage is often the motive. A clone email is usually a near-exact replica of an email that may be legitimate. It gets responses because of its similarity to a message that isn’t malicious. Vishing and smishing are similar. Vishing uses voice mail messages to trick targets into providing login credentials, money or financial information. Smishing usually has the same goal but lures are delivered via text message.

How can I stop spear phishing?

The best way to defend against spear phishing often is preventing it through training that helps condition users to recognize these types of criminal campaigns. Cofense and other organizations offer extensive tools, as well as free resources, for recognizing and fighting spear phishing. Cofense resources, free and available on demand, include videos, articles, webinars, infographics and more.

Sign Up for a Demo Now!

Teach users to identify real phish. Discover how Cofense PhishMe educates users on the real phishing tactics your company faces.

Gone Phishing: 2015 Global Malware Round Up Report
Cofense Metrics