Phishing is an attempt to obtain information from you, such as usernames, passwords, social insurance numbers, and credit card numbers or details, by masquerading in an e-mail as an entity that you trust (like a bank or a credit card company) to lure you into taking action. Such an e-mail might include:
- Links to websites that are infected with malware
- Links to websites that look like the actual websites but are facades, built to get you to enter your login information
- Attachments that are infected with a virus, like a PDF or DOC file
Typically these attacks don’t mention you by name, and read more like a generic statement.
Spear phishing is a more sinister type of phishing that uses e-mail messages that appear to come from well-known and trusted sources. The e-mails have well-written titles, and look like they pertain to you. Spear phishing is usually a much more narrowly aimed attack that tries to get specific information from a specific group of individuals. A spear phishing e-mail typically has these traits:
- It looks like it is from your boss or a specific family member. These folks may have had their accounts compromised. That is where spear phishing thrives, and the attacker may only be trying to add you (along with your contacts) to the list, to expand the infection.
- It looks very realistic, mentions you by name, and seems genuinely sent to you.
This will lull you into a false sense of security, so that you either open the infected attachment or click the nefarious link in the e-mail. Some examples might be:
- If it appears to be from a friend or family member, the link might say, “here is a link to our vacation photos”, but it is not that at all!
- An e-mail that appears to be from your credit card company, mentions part of your credit card number, like **** *** **666, and says you need to change your password, pointing to a website (which is their password-catching site).
Many folks have been tricked by spear phishing, so you will need to keep up your diligence when receiving e-mails or links, even from trusted sources.