The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for detecting spear-phishing phone calls.
Phishing is an attempt to acquire sensitive information such as usernames, passwords, credit card details, and even money, although indirectly, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Electronic communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploit the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Spear-phishing is one type of phishing that is an attempt directed at specific individuals or companies. Attackers may gather personal information about their target to increase their probability of success. Spear-phishing is, by far, the most successful on the Internet today.