Cyber Attacks using Phishing, Spear Phishing, and Whaling

Cyber Attacks using Phishing, Spear Phishing and Whaling
Student Name:
Professor:
Course Title:
Date:
Cyber Attacks using Phishing, Spear Phishing and Whaling
Cyber attacks are purposeful exploitations of computer systems, networks, and technology-dependent enterprises. They are attempts by hackers to destroy or damage a computer system or computer network (Vaas, 2014). This paper describes the difference between whaling, phishing, and spear phishing attacks. Various risk responses are also described. Moreover, risk mitigation is determined by applying industry best practices and principles.
Phishing, Spear Phishing, and Whaling Attacks
A Phishing Attack is a cyber attack commonly perpetrated through emails, and is an attempt of deceiving users in some way. The hacker, as Alsharnouby, Alaca and Chiasson (2015) pointed out, can trick his/her target into opening an email attachment that contains a malicious code. The target can also be tricked into sending his/her personal data to the sender, or into visiting a webpage in which he/she enters his/her personal information (Fruhwirt et al., 2014). The motives for phishing attacks range from trying to obtain protected information to utilize for unlawful purposes, to attacking entire networks, to hijacking computers and infecting them (Mohammad, Thabtah & McCluskey, 2015).
A Spear Phishing Attack is a sort of targeted phishing attack that a hacker uses to increase his/her chances of success. It is a much greater threat and a lot more sinister than a phishing attack given that it zeroes in on a certain business, organization, or individual (Sarikaa & Paul, 2017). A phishing attack gets its name from the notion that a hacker is trying to fish for random victims with the use of fraudulent or spoofed email as bait. A spear phishing attack extends this fishing analogy as the attacker is targeting high-value companies and/or individuals in particular (Didraga, Bibu & Brandas, 2013). Rather than attempting to obtain banking credentials for 500 people, attackers might decide to target a government official, or person who works for another government agency, for the purpose of stealing state secrets (Jensen et al., 2017).
Whaling Attacks are targeted attempts to steal confidential information from an organization, for instance, financial data or private details regarding staff members, in most cases for malicious reasons (Jagatic et al., 2007). Whaling attacks, particularly target a company’s senior management that holds power, for instance top executives like the Chief Financial Officer or the Chief Executive Officer, who have full access to the company’s confidential information (Jensen et al., 2017). These attacks are referred to as whaling attacks owing to the size of their victims compared to the victims of the typical phishing attacks. It is of note that the whales are selected in a careful manner, owing to their authority as well as access within the organization. Whaling attacks are aimed at tricking senior executives into disclosing corporate or personal data, mainly by means of email or website spoofing (Jagatic et al., 2007).
Risk Responses
Risk Avoidance is understood as elimination of risk. An activity that poses a possible r...