The evolution of phish

It is a pure and simple matter of statistics. The phishing attempts that most people have become accustomed to are those that are sent to the widest range of addresses – you know, the PayPal, Washington Mutual, and Smith Barney emails you get with the embedded JPEG asking for your account information. The only problem is, you don’t have an account at any of those places. So, the phishers blanket inboxes hoping to catch just a few suckers who do. The low cost of implementation doesn’t help – sending email is cheap, cheap, cheap.

Huge distribution × low rate of success = some big dollars.

However, the opposite methodology could be applied as well, and it is.

“Spear fishing,” or targeted phishing

Phishers used to pound large ISPs with directory harvest attacks, gather the addresses, then pound on the clients again. Send out millions upon millions of lures, and you are bound to “catch a live one.”

Times change, and so do phishing tactics. With the level of awareness of the scams hitting new highs, phishers are choosing to target their lures with additional precision.