攻击者使用多种类型的电子邮件攻击从计算机系统或网络中窃取机密信息。机密信息包括登录凭据、银行卡详细信息或任何其他敏感数据。网络钓鱼和鱼叉式网络钓鱼也是此类电子邮件攻击。
1. 网络钓鱼:
这是一种电子邮件攻击,攻击者冒充相关可信组织,通过电子通讯,以欺诈方式寻找用户的敏感信息。电子邮件是由攻击者精心设计的,旨在针对某个群体,单击链接会在计算机上安装恶意代码。
例子 –
- 从用户那里窃取银行交易密码
- 窃取用户的登录凭据
2.鱼叉式网络钓鱼:
鱼叉式网络钓鱼是一种针对特定个人或组织的电子邮件攻击。在鱼叉式网络钓鱼中,攻击者的目标是点击安装恶意代码的恶意链接,并让攻击者从目标系统或网络中检索敏感信息。
例子 –
- 从组织窃取堆栈详细信息
- 从公司窃取产品设计程序
网络钓鱼和鱼叉式网络钓鱼的区别:
| PHISHING | SPEAR PHISHING |
|---|---|
| Phishing attack is done for a wide range of people. | Spear phishing is done for specific person or organization. |
| Its objective is to steal sensitive data like bank card details from maximum people. | Its objective is to steal sensitive data from a large company regarding stacks etc. |
| It is an automated attack. | While it is a manual attack. |
| The targets selected in phishing are very random. | While target is specific in spear phishing. |
| This is broad and less sophisticated. | While this is more sophisticated. |
| It is mostly done for money. | While it is done to ruin an organization. |
| Phishing includes cyber criminals or professional hackers. | While spear phishing attackers are business oriented malicious code distributor. |