[:en]
Recently we gave you some pointers on identifying phishing e-mails. So now that you know all the signs and how to outwit the criminals, there’s another variant – spear phishing. But don’t panic, it’s almost the same, with a bit of a twist.
Spear phishing is an e-mail that seems to be sent from an individual or business you know. Of course it’s really from hackers attempting to obtain you credit card, bank account numbers, passwords and financial information.
These types of attacks focus on a single user or department within an organisation and use another staff member from the organisation’s name to gain the victim’s trust. (Also see our recent article on the incident at Finance.)
They often appear to be from your company’s human resources or IT department, requesting staff to update information, for example passwords or account details. Alternatively the e-mail might contain a link, which will execute spyware when clicked on.
But wait, there are even more fishing comparisons.
When a phishing attack is directed specifically at senior executives, other high profile staff or seemingly wealthy people, it’s called whaling. By whaling cyber criminals are trying to catch the “big phish”, or whale.
[SOURCE: http://www.webopedia.com]
[:af]
Ons het onlangs vir jou `n paar wenke gegee hoe om `n phishing e-pos uit te ken. So noudat jy gereed is om enige krimineel uit te oorlê, het ons vir jou nog `n weergawe van phishing – spear phishing. Maar moenie paniekbevange raak nie. Dis amper dieselfde, net ʼn bietjie anders.
Spear phishing is wanneer ʼn e-pos lyk of dit gestuur is vanaf ʼn individu of besigheid wat jy ken. Inderwaarheid kom dit van kuberkrakers wat probeer om jou kredietkaart, bankrekening, wagwoord en finansiële inligting te aas.
Hierdie tipe aanvalle fokus op ʼn enkele gebruiker of departement binne `n organisasie. Deur die e-pos te stuur vanaf iemand binne die organisasie se e-pos, word jou vertroue gewen en gee hy makliker die inligting. (Sien ook ons berig oor die onlangse insident by Finansies)
Die e-posse lyk dikwels asof dit gestuur word deur jou menslike hulpbronne of IT-afdeling en versoek gewoonlik dat personeel hulle inligting (byvoorbeeld wagwoorde of rekeninginligting ) opdateer of heraktiveer. Alternatiewelik bevat die e-pos ʼn skakel wat spyware aktiveer indien daarop gekliek word.
Maar dis nie al nie – daar is selfs nog meer visvang-analogieë.
Wanneer `n phishing-aanval direk geloods word op senior uitvoerende hoofde, hoë-profiel personeel of skynbaar finansieël welaf persone, word dit whaling genoem. Deur whaling probeer kuberkrakers een “big phish”, of te wel die walvis, vang.
[:]
