Phishing normally has two types of people as its targets:
- Spear phishing. In this type, an email is designed to look like it was sent from a user's manager within the organization. Spear-phishing attacks target a particular person or group of people, usually low-level to mid-level employees. Unsuspecting targets may be fooled by name recognition of trusted names or brands.
- Whale phishing. The term whaling is used to describe the size of the attack. Whaling targets are higher authorities within the organization, such as high-level company executives like CFOs or CEOs. Employees in high-level positions have the most access to critical data, which makes them natural targets in this type of phishing attack. Whale phishing creates email messages that look like they are from a trusted brand or client in order to manipulate the victim into, for example, making wire or data transfers to the attacker. These email messages are branded with personal or professional information pertinent to the target -- such as job title, name or other details -- gleaned from a variety of sources via social engineering. The level of personalization provides the victim with a false sense of security.
It takes only one click to affect or even compromise the whole network. This is complicated by the fact that many types of phishing scams are not easily eliminated by software alone. It takes a combination of threat detection systems, security awareness training and a vigilant security team to create a solid defense against phishing threats.
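One check a threat detection system can run against the manager and executive impersonation described above is to compare the sender's display name with the address behind it. This is an added example, not part of the original page; the organization domain, the protected names and the sample messages are constructed assumptions, and the Reply-To check goes slightly beyond the case the text describes.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organization's own mail domain
# Assumption: managers and executives worth protecting, e.g. exported from the directory
PROTECTED_NAMES = {"dana whitfield", "robert chen"}

def normalize(name):
    """Lowercase and collapse whitespace so 'Dana  WHITFIELD' still matches."""
    return " ".join(name.lower().split())

def domain_of(address):
    """Return the lowercased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower()

def check_sender(raw_message):
    """Return findings for one RFC 5322 message; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    if normalize(display) not in PROTECTED_NAMES:
        return findings  # sender does not claim to be a protected person
    if domain_of(addr) != ORG_DOMAIN:
        findings.append("display name matches a protected person but the address is external")
    if reply_addr and domain_of(reply_addr) != ORG_DOMAIN:
        findings.append("replies are redirected outside the organization")
    return findings

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "legit": "From: Dana Whitfield <dana.whitfield@example.com>\n"
             "Subject: Q3 planning\n\nAgenda attached.",
    "lookalike": 'From: "Dana  WHITFIELD" <dana.whitfield@example.net>\n'
                 "Subject: Urgent wire transfer\n\nPlease process today.",
    "reply_redirect": "From: Robert Chen <robert.chen@example.com>\n"
                      "Reply-To: r.chen@example.org\n"
                      "Subject: Payroll export\n\nSend me the file.",
    "vendor": "From: Billing Team <billing@example.org>\n"
              "Subject: Invoice\n\nSee attached.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A match here is a signal for review rather than a verdict, since an executive may legitimately write from a personal account; it complements, and does not replace, sender authentication and awareness training.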