What is the Difference Between a Phishing Attack and a Spear Phishing Attack?

In the modern age, we are all educated on the danger of cyber attacks, and the destruction they can potentially cause. While Phishing attacks are among the most well-known attacks, they, like the technological world, continue to diversify. Attackers are trying to find new ways to target users, and engage in nefarious activity. In recent times, a new type of phishing attack has been created – called a Spear Phishing attack. In this article, we look at both, and provide the difference between the two. Read on!


Cyber attacks are on the rise

As mentioned, traditional phishing is a method well-known to many. These attacks are usually conducted by sending emails to a wide array of email addresses (which have usually been illegally gained), hoping to obtain a hit. Phishing attackers work on the assumption that the more people they reach, the higher the chance of duping someone into doing what they want. Emails can easily be circulated to thousands of people, and attackers will have a realistic hope of making many fall victim.


A phishing attack usually will appear in email form – ostensibly coming from a reputable source such as Amazon, eBay, or a bank. The general aim is for the user who receives the email to either open an attachment (which is infected with malicious code, unbeknownst to the reader), or to click on a link within the email. This link normally leads to a webpage that looks identical to an authentic site, only for the user to give their details away when entering their login information. Or, the link could lead to a highly-malicious site which leads the user’s computer to coming under the control of the hacker.




A spear phishing attack however is different, yet follows the same principles as a regular phishing attack. This attack will also seem to come from a trusted source. Yet while a traditional phishing attack targets as many people as possible, a spear attack will instead be more intricately crafted – with the aim of targeting just a few people, or in some cases, just one person. The general aim of this attack is someone in a senior corporate position, or someone who holds crucial or classified information. Technically however, anyone can be the target of a spear phishing attack.


Being cyber-aware is very helpful


The attacker will spend time on constructing the email. They will carefully investigate their victim – trawling through the Internet to look for any specific information that they can use in the email. In the end, the attacker will hope that they have such an accurate depiction of their victim’s life – that they can subsequently customise an email to target them perfectly. The aim is then to coax important, or financial information out of their victim. Spear phishing attacks are more rare, but can be more devastating.




So there we have it. Traditional phishing attacks target huge numbers of people, while a spear phishing attack is something more targeted to few people. It is a good idea to be informed of these different attacks, and to always be careful when opening emails from those you don’t know. It is easy to fall victim to either of these attacks, and as explained above, both can have catastrophic impacts on the victim. Hopefully, this article has informed, and can help keep you safe in the digital age!





Thanks for reading. UniEel is on Facebook and Twitter.