Skip to main content

Q: What are spear phishing and waterhole attacks?

A:

  • Spear Phishing: This is a highly targeted attack where the attacker masquerades as a trusted source (e.g., a colleague, executive, or well-known brand) to deceive a specific individual or organisation. The goal is to obtain sensitive information, such as login credentials or financial details. This is usually carried out via email or social media, tricking the victim into clicking a link or opening an attachment.
  • Waterhole Attack: In this attack, the attacker compromises a website that is known to be frequently visited by the target group. The attacker infects the site with malware, which then infects visitors' machines, allowing the attacker to compromise the target's network.

In short: Spear phishing targets a specific person or group, while a waterhole attack targets a group of people by poisoning a commonly used website.