Spear phishing, spoofing, and phishing are all terms thrown around frequently in cybersecurity circles. However, many people don’t understand the implications of these malicious tactics. Spear phishing and other forms of cybercrime can cost organizations billions of dollars each year, along with severe reputational damage.
According to the FBI, more than 2.76 million complaints were filed with the agency from 2017 to 2022, and both the number of complaints and the dollars lost increased every year. That suggests that cyber criminals are getting savvier and that their targets are losing more every year.
Source: FBI “Internet Crime Report 2021”
Phishing vs. Spear Phishing vs. Spoofing: What’s the Difference?
A scam is a scam is a scam, right? Understanding the different types, however, can help businesses and their customers stay a step or two ahead of criminals.
What is phishing?
Phishing is a type of cyberattack that involves sending fraudulent emails or texts in an attempt to trick people into clicking on malicious links or attachments. These links and attachments can contain malware that can infect your device or steal your personal information.
There are several types of phishing:
- Vishing is short for “voice phishing,” which means using voice recordings or live-voice telephony to target victims.
- Smishing uses SMS (texting) messaging to target victims.
- Pharming is a cyberattack that tricks users into going to a website and entering credentials, which the cyber criminals then steal and use to access bank and other types of personal accounts.
- Spoofing is when a cyber criminal creates a fake website that looks legitimate, typically imitating a well-known brand like PayPal, Wal-Mart, or Microsoft.
There are many other types of phishing and cyber crimes, but they all have the same intent: to defraud and/or harm businesses and individuals. Here is a closer look at three specific types of cyber scams.
What is spear phishing (in cybersecurity terms)?
Spear phishing is a type of phishing attack that criminals aim at a specific individual or organization.
Attackers may use publicly available information about their target to make their emails seem more legitimate and increase the likelihood of getting victims to click on malicious links or attachments.
What is spoofing?
Spoofing is a type of cyberattack in which an attacker impersonates another person or entity in order to trick victims into providing sensitive information or taking action that they would not ordinarily take.
In phishing attacks, attackers typically spoof the sender of an email in order to trick victims into clicking on a malicious link or attachment. The victim’s computer is then infected with malware, and thieves steal the victim’s personal information.
The consequences of falling victim to a spoofing, phishing, or spear-phishing attack can be serious. Victims may lose money, have their identities stolen, or be infected with malware that allows attackers to take control of their computers.
It is important to be aware of these types of attacks and take steps to protect yourself from them. It may help to review our list of topics for security awareness training.
According to the FBI’s 2021 Internet Crime Report, phishing, vishing, smishing and pharming are the most prolific:
Source: FBI “Internet Crime Report 2021”
How Companies Are Fighting Back Against Scams
Combating cyber attacks is like a masterful game of chess. Just as users become smarter and more sophisticated at detecting scams, the criminals learn more. Fortunately, companies are fighting back against these scams with a variety of methods.
Many have implemented strict security measures, such as two-factor authentication and firewalls. Others have created awareness campaigns to educate employees on how to spot a scam. And some companies have even taken legal action against the scammers themselves.
Vigilance: Everyone’s Responsibility
Unfortunately, it’s up to consumers to do their due diligence to protect themselves as well.
If you get an email from a company and want to verify that it’s legit, don’t click the link. Go to the company’s website and look for messaging like a page specifically dedicated to reporting scams, as in this AnyTech365 example.
You can report fraud directly to the companies that are being spoofed, and you can also report the messages to the FBI.
Many large companies employ people whose jobs are to prevent and respond to fraud. To report a possible scam to a company, do an internet search for the company name plus “fraud department” or “report a scam.” But be careful! Some cybercriminals have become very savvy and created fake pages that appear to be fraud investigators.
A consumer just can’t get a break, can they? Here’s what to do. First, check the URL. Make sure it connects to the corporation. (Below, we’re using the mega retailer Target as an example.)
Now go to Target’s website and in the footer, look for the Security and Fraud department.
You’ll see that the web addresses match: both the Google result and the link in the store’s footer take you to security.target.com.
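The URL check described above, written out as an added example (it is not code from the original article). The function name and the lookalike URLs are constructed for illustration, and the https-only rule is an added assumption.

```python
from urllib.parse import urlsplit


def link_belongs_to(url, company_domain):
    """Return (ok, reason): is the link's real host on company_domain?"""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        # Added assumption: a fraud-reporting page should be served over https.
        return False, "not an https link"
    if parts.username is not None or parts.password is not None:
        # In https://target.com@login.example/ the host is login.example;
        # everything before '@' is only a user name.
        return False, "text before '@' is not the host"
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    if not host:
        return False, "no hostname"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Internationalised names can contain lookalike characters.
        return False, "internationalised host, check it by hand"
    domain = company_domain.lower().strip(".")
    # Compare whole labels, reading from the right: the company's domain
    # must be the END of the host, not merely appear somewhere inside it.
    if host == domain or host.endswith("." + domain):
        return True, "host is on " + domain
    return False, "host " + host + " is not on " + domain


# Constructed sample links; only security.target.com comes from the article.
SAMPLES = [
    "https://security.target.com/",
    "https://www.target.com/security",
    "https://security.target.com.help-desk.example/",
    "https://target.com@login.example/",
    "https://xn--trget-4ve.example/",  # constructed punycode-style label
    "http://security.target.com/",
]


def check_samples(company_domain="target.com"):
    """Map each sample link to its (ok, reason) verdict."""
    return {url: link_belongs_to(url, company_domain) for url in SAMPLES}


if __name__ == "__main__":
    for url, (ok, reason) in check_samples().items():
        print(("OK   " if ok else "STOP ") + url + "  (" + reason + ")")
```
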
By taking these steps, businesses can protect themselves from the costly effects of spear phishing and other forms of cybercrime. And although there’s no guaranteed way to prevent all attacks, being proactive can go a long way in protecting your company from harm.