Kaspersky experts have identified a new phishing attack trend where elements of spear phishing are being used in bulk campaigns. Traditional bulk phishing emails target large audiences with generic messages, often rife with typos and simplistic formatting. In contrast, spear phishing involves highly personalized messages including specific details about the target, making them appear more credible.
Spear phishing targets specific individuals or small groups with emails that mimic the style and content of legitimate communications from trusted entities, that are meticulously crafted to avoid detection by security filters, and often contain no technical errors. Mass phishing campaigns meanwhile cast a wide net, sending generalized messages to large lists of email addresses lacking personalization and often contain mistakes and poor design.
In late 2023, Kaspersky researchers observed a statistical anomaly indicating a blend of spear and mass phishing tactics, with emails detected that were too aggressive for spear phishing, but too sophisticated for mass phishing. In one instance, an HR phishing email addressed the recipient by name and referenced their company, yet the linked phishing form was a generic fake Outlook sign-in, a typical sign of mass phishing.
Kaspersky experts have identified a new phishing attack trend where elements of spear phishing are being used in bulk campaigns. Traditional bulk phishing emails target large audiences with generic messages, often rife with typos and simplistic formatting. In contrast, spear phishing involves highly personalized messages including specific details about the target, making them appear more credible.
Spear phishing targets specific individuals or small groups with emails that mimic the style and content of legitimate communications from trusted entities, that are meticulously crafted to avoid detection by security filters, and often contain no technical errors. Mass phishing campaigns meanwhile cast a wide net, sending generalized messages to large lists of email addresses lacking personalization and often contain mistakes and poor design.
In late 2023, Kaspersky researchers observed a statistical anomaly indicating a blend of spear and mass phishing tactics, with emails detected that were too aggressive for spear phishing, but too sophisticated for mass phishing. In one instance, an HR phishing email addressed the recipient by name and referenced their company, yet the linked phishing form was a generic fake Outlook sign-in, a typical sign of mass phishing.
