What is the difference between phishing and spear-phishing?

We discuss the differences between phishing scams and spear-phishing scams.

A phishing scam is an attempt by a criminal to obtain sensitive information from a victim by pretending to be an entity that the victim trusts.

For example, a criminal might send the victim an email pretending to be from Facebook. The email contains a link to a spoof Facebook login page, which steals any username and password data entered into it. That would be a (quite popular) example of an email phishing scam.

Phishing scams are among the most popular scams on the Internet, and most phishing attacks are sent en masse to thousands, even millions, of potential victims.


Phishing scams are usually sent out to many different victims at once and contain no (or very little) personal information about the recipient, so they are not considered targeted.

As a result, phishing attacks usually have a very low success rate: the lack of personal information specific to the recipient makes the scam less convincing, and most recipients will correctly identify the attack as a scam and won’t fall for it. However, this low success rate is offset by the large number of potential targets, so even a low success rate can be adequate.

Spear-phishing attacks, on the other hand, are targeted phishing attacks where the crook has tailored their scam to a specific individual or company. As such, the scam (for example, a phishing email) may contain information related specifically to the recipient. This can include their name, the names of colleagues, their date of birth, their company name, or a claim to have information or data that the recipient would genuinely be expecting.


Of course, this “personalised” information has to be discovered by the crook, and as such spear-phishing attacks take longer to orchestrate, since they involve a great deal more planning.

For the crook, the upside of spear-phishing attacks is a higher success rate, because the addition of personalised information makes the scams appear more convincing. Many red flags associated with phishing, such as the lack of personal information, do not apply to spear-phishing attacks, and that makes them much harder to spot.
