Chapter 3: Introduction to Technological Aspects of Privacy
Spyware and Phishing Variants
Spyware (including keylogging) covertly surveils a device and is often delivered through phishing, a form of social engineering. Phishing variants include spear phishing, whaling, smishing (SMS) and vishing (voice). The principal defense against phishing is user training.
| Variant | Distinguishing feature |
|---|---|
| Spear phishing | Tailored to a specific individual (e.g. appears to be from the user's boss) |
| Whaling | Spear phishing aimed at C-suite executives, celebrities, and politicians |
| Smishing | Delivered via SMS text message |
| Vishing | Delivered via fraudulent voice message or phone call |
Defenses and the definition of spyware
Limiting downloads of executable code and filtering incoming messages help, but for messages that get through, the principal defense is user training. Note: defining software as spyware depends largely on the user's intent and knowledge - the same remote-screen-reading tool can be legitimate tech support or, without consent, spyware.
Key terms - quick answers
What is “Spyware”?
Malicious software covertly installed on a device that monitors activity and sends sensitive personal information to an attacker.
What is “Keylogging”?
A type of spyware (malware) that tracks all keystrokes and sends them to an attacker.
What is “Phishing”?
A form of social engineering using a routine, trusted communication channel to fool a user into granting access or disclosing sensitive information.
What is “Spear phishing”?
A phishing attack tailored to a specific individual, such as a message appearing to come from the user's boss.