Fishy Business: What Are Spear Phishing, Whaling and Barrel Phishing?

For threat actors, phishing embodies the holy trinity of goals: easy, effective and profitable. It’s no wonder that the 2022 X-Force Threat Intelligence Index reports that phishing was the top method used by attackers to breach an organization. Of all the attacks that X-Force remediated in 2021, attackers used phishing in 41% of them.

Because phishing is so successful, it has taken on a life of its own with numerous variants. Take a look at three trending types and how to prevent them.

What Is Spear Phishing?

Spear phishing attacks are more targeted than general phishing. They specifically aim to reel in higher-value companies and victims. The fishing analogy here would be spending more time going after bigger fish. For an attacker, spear phishing is often more profitable than the ‘spray and pray’ method of sending a general phishing attack to thousands of companies.

One of the main reasons why spear phishing is so successful is because adversaries will spend much more time researching their victims. The more they know about their specific targets, the better they can be at tailoring their message. Therefore, the chance of tricking the victim increases. For example, an attacker may spend time on the company’s social media accounts. Perhaps the company hosted a particular webinar, and the attacker could reference information about the topic in their phishing email.

It’s important to note that today, most spear phishing attacks can be launched quickly and easily. Typically, they take only a few clicks of the mouse. With pre-made phishing kits for sale on the dark web, the barrier to entry for adversaries is getting lower each year. 


Support the originator by clicking the read the rest link below.