How does a cyber attack start? ? What uses do cybercriminals have for data stolen from businesses or organizations? ? Phishing (phishing in English) and harpooning (spear phishing in French) are both the origin and the consequences of cyber-attacks that affect individuals and businesses.
To protect yourself, it is important to understand what the differences are between these two methods and what the risks are. AP Stylebook is a tool widely used by journalists, magazines and editorials. It is used to check grammar rules, punctuation and writing style. Between July and September 2023, two cyberattacks resulted in the theft of part of their customers’ data. End of July, the Maine Attorney General's Office (USA) announced the discovery of a security breach and compromise of an old website linked to the AP Stylebook. This IT resource was administered by a third party and left in disuse. This intrusion allowed the attackers to seize the personal information of 224 customers, including their names, email addresses, postal addresses, cities, States, postal codes, phone numbers and user IDs. Customers who provided sensitive information such as social security or employer numbers also had this data stolen. The Associated Press was alerted July 20 to reports of customers receiving spear phishing emails demanding they update their credit card information. Bleeping Computer reported on September 10 that the Associated Press (AP) issued warning about data compromise affecting AP Stylebook users. Malicious individuals exploited stolen data to carry out spear phishing attacks.
How one leads to the other
Commentary by Benoît Grunemwald, cybersecurity expert at ESET France : “If these two terms are similar, however, there is a difference in their construction. In the case of phishing, fraudulent messages are sent en masse to a large number of people, with the aim of deceiving recipients, by pretending to be a trusted organization to retrieve their personal data. Based on the same foundations, spear phishing is a more targeted method, in which cybercriminals use an individualized approach to target a single person or group of people by personalizing messages with data stolen or harvested from the internet. In the event of a complete data theft, it becomes easy to create a message usurping the entity of the entity at the source of the data and to add the information resulting from the theft. This technique helps to remove the reluctance of victims. So, the message received contains your name, your first name, the software or service used or any other elements increasing the legitimacy of the message. The chances of success are higher than with phishing, which is inherently generic. »
