We all know that phishing is a type of attack whereby the “phishers” send emails and set up web sites masquerading as legitimate entities or individuals, to lure users into entering sensitive information or visiting a site that downloads malware. Spear phishing is a more sophisticated variant on that, which go the “extra mile” to specifically target a particular person or organization. The message may appear to have been sent from the recipient’s boss or a valued customer – but the intent is the same: to collect information that the attacker can then use to benefit him/herself. Spear phishing is also sometimes called “whaling.”
This article by Bob Violino over on ComputerWorld describes examples of this type of attack and provides some tips on how you can help prevent company executives, the targets of “whaling,” from falling victim to the attacks.