The totally legitimate guide to spearphishing and whaling

Andrew Long
7 min read · Apr 3, 2020

try to not get killed by the whale

Just like there are different methods for actual fishing, there are different methods for phishing according to what your target is. Spearphishing is the act of targeting a single person or group of people. Whaling is like spearphishing, but with a greater purpose — specifically targeting individuals of high rank or status. You would be spearphishing if you decided to target the marketing team of a realty company; you would be whaling if you decided to phish the CEO. With the base we’ve already established in previous chapters, this chapter will build on that knowledge and demonstrate these more advanced techniques for landing your phish (or whale).

Recon: The Meat & Potatoes of Targeted Phishing

Let’s say you’re targeting a doctor in Ohio. What does your email say? If you feel like you don’t have enough information to answer that, you’re absolutely right. That’s why recon is so important, especially when administering targeted attacks. Without some type of ‘insider knowledge’ on your target, you can never really hope to get into their bubble of trust. Large-scale phishing attacks are mostly a numbers game, with measures taken to ensure a good percentage of successful phish. You’re not afforded the same comforts with targeted attacks, simply due to the smaller sample size.

Written by Andrew Long

Director of Product Security @ Evinova. Avid security researcher, dedicated father, and nerdy analog electronics collector.