Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

July 22, 2016
Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

Puddle Phishing, a variant of Spear Phishing, is a resurgent threat. Phishing is a broad term to describe the type of attack that combines some technological components with social engineering. Traditional or classical phishing has been previously discussed in this blog, and is well documented across security blogs and research whitepapers. Let us take a look at some other types of phishing that specifically target employees at the victim organization.

Spear phishing are Phishing attacks that target specific individuals within an organization via emails that contain personalized information or attachments that appear to be legitimate, such as billing or shipping information. A variant of spear phishing is Whale Phishing, where the target is a major player in the organization – C level staff.

Puddle Phishing is an older term describe a spear phishing attack that targets the employees of smaller organisations or a select group of banks/financials in a define marketplace, geography or vertical such as insurance, oil and gas, government agencies etc.  We have some examples that demonstrate that this is a resurgent trend. As larger banks have already been subject to the threat of phishing for some time, defenses, response and mitigation are more mature, hence smaller targets in defined areas are becoming more attractive.

The puddle phisher has a well defined audience and can therefore personalize their attack to the intended recipient. Such targeted phishing gives the criminal the opportunity to research the organization to tailor their phishing attack specific to the business.

With such a defined and targeted phishing attack the criminal can exploit the business to yield favourable returns on their time and resource investments. Although the target maybe small, such as a credit union, regional bank, or second tier organization the gain from each attack can still be significant.

Phishing schemes will continue to develop in quantity and sophistication and our researchers are working hard and diligently to combat and meet these evolving trends and methodologies.

About the author

Leave a Reply