A more recent variation of phishing involves emails that are targeted towards employees of specific companies. Emails that are sent as part of this scheme appear to be from an employee’s actual company and ask for the user to update personal information. However, like other phishing schemes, a link contained in the email message sends the user to a site that is completely unrelated to the company. This type of targeted phishing scheme has become known as “spear phishing.”
Spear phishing has become prevalent. The Wall Street Journal reported that between January and June 2005, an estimated 35 million targeted messages were sent in the United States. This form of phishing has also proven to be effective. In one mock attack designed to study users’ responses, 500 cadets from West Point received a targeted email asking for personal information. More than 80% of these cadets responded to the email and provided the requested information.