Living in a hyperconnected society has many advantages. For example, you can check the news or your bank account at any time and place, buy a book and receive it at your doorstep within 24 hours, or stay in constant contact with people who live far away from you.
But it also has a negative side: we are constantly exposed to possible cyberattacks. Our information circulates online without our being truly aware of the scale and seriousness of that exposure. As a result, we are potential victims of cyber scammers eager to steal our data or money.
One of the most widespread frauds on the Internet is phishing. This common cyber scam also has a much more refined companion: spear phishing. Although it is more complex for criminals to carry out, its success rate is higher.
Conventional phishing consists of sending emails or messages in bulk to various users or companies. Cybercriminals pose as a legitimate entity, such as a bank or courier company, with the aim of tricking victims into providing their private information, making a payment, accessing a fraudulent website or downloading an attachment that infects their device. To do this, they use social engineering techniques, closely replicating the e-mails or messages that the legitimate entity sends.
Spear phishing is very similar, but it targets specific victims rather than a mass audience. The National Institute of Cybersecurity (INCIBE) defines spear phishing as a form of phishing directed against a specific objective, in which the attackers try, through an email or message, to obtain confidential information from the victim. Another possible goal is to entice the victim to pay a small fee or download a malware-infected attachment.
Both cyber scams rely on social engineering: they deceive the victim by posing as an apparently trustworthy entity. Their main difference lies in the recipient of the fraud.
Phishing is not personalized: criminals target a large number of people at random. Spear phishing, on the other hand, involves smaller attacks directed individually at a person or a small group of people, such as a specific company. Its messages are also much more personalized, so they seem more believable.
To achieve this personalization, attackers collect information about the victim through different channels, such as social networks, forums, blogs and other means of communication. While spear phishing is more complicated to execute and requires more work from criminals, it has a higher success rate. Because the attacks are personalized, they are more credible and victims are more easily deceived.