攻击者使用多种类型的电子邮件攻击来窃取计算机系统或网络中的机密信息。机密信息包括登录凭据,银行卡详细信息或任何其他敏感数据。网络钓鱼和鱼叉式网络钓鱼也属于此类电子邮件攻击。
1.网络钓鱼:
这是一种电子邮件攻击,攻击者通过假装来自相关的受信任组织来尝试通过电子通信以欺诈的方式查找用户的敏感信息。电子邮件是由攻击者精心设计的,针对的是一个组,单击链接会在计算机上安装恶意代码。
例子 –
- 窃取用户的银行交易密码
- 窃取用户的登录凭据
2.鱼叉式网络钓鱼:
鱼叉式网络钓鱼是针对特定个人或组织的电子邮件攻击类型。在鱼叉式网络钓鱼中,攻击者诱骗目标是单击恶意链接,该恶意链接会安装恶意代码,并使攻击者从目标系统或网络中检索敏感信息。
例子 –
- 窃取组织的详细信息
- 偷公司的产品设计程序
网络钓鱼和鱼叉式网络钓鱼之间的区别:
| PHISHING | SPEAR PHISHING |
|---|---|
| Phishing attack is done for a wide range of people. | Spear phishing is done for specific person or organization. |
| Its objective is to steal sensitive data like bank card details from maximum people. | Its objective is to steal sensitive data from a large company regarding stacks etc. |
| It is an automated attack. | While it is a manual attack. |
| The targets selected in phishing are very random. | While target is specific in spear phishing. |
| This is broad and less sophisticated. | While this is more sophisticated. |
| It is mostly done for money. | While it is done to ruin an organization. |
| Phishing includes cyber criminals or professional hackers. | While spear phishing attackers are business oriented malicious code distributor. |