Spear phishing attacks are specifically targeted at an individual
                    based upon research conducted by the attacker. They may include

                    personal information designed to make the message appear more
                    authentic.

                    Whaling attacks are a subset of spear phishing attacks sent to high-
                    value targets, such as senior executives.

                    Vishing attacks use phishing techniques over voice
                    communications, such as the telephone.

















































               FIGURE 21.1 Social Security phishing message

                   Image source: U.S. Social Security Administration

               Although users are becoming savvier, social engineering still poses a
               significant threat to the security of passwords (and networks in
               general). Attackers can often obtain sensitive personal information by