- Chapter 7. Industrial Espionage in Cyberspace
- What Is Industrial Espionage?
- Information as an Asset
- Real-World Examples of Industrial Espionage
- How Does Espionage Occur?
- Steganography Used in Industrial Espionage
- Phone Taps and Bugs
- Protecting Against Industrial Espionage
- Industrial Espionage Act
- Spear Phishing
- Summary
- Test Your Skills
This chapter is from the book
This chapter is from the book
This chapter is from the book
Spear Phishing
Phishing, as you know, is the process of attempting to get personal information from a target in order to steal the target’s identity or compromise the target’s system. A common technique is to send out a mass email that is designed to entice recipients into clicking on a link that purports to be some financial institution’s website but is actually a phishing website.
Spear phishing is using the same technology in a targeted manner. For example, if an attacker wanted to get into the servers at a defense contractor, he might craft email and phishing websites specifically to target software and network engineers at that company. The emails might be made to appear of interest to that specific subgroup of people. Or the attacker might even take the time to learn personal details of a few of these individuals and target them specifically. This technique has been used against executives at various companies. In 2010 and 2011, this problem began to grow significantly.
This has since been expanded even more into the process of whaling. Whaling attempts to compromise information regarding a specific, but highly valuable, employee. It uses the same phishing techniques, but highly customized to increase the chances that the single individual target will be fooled and actually respond to the phishing attempt.
