Spear Phishing

Updated: Oct 24, 2019

The 21st century has seen a technological revolution. Today, computers are commonplace in many households and organizations. They exist in many forms such as laptops, smartphones, tablets and etc. The computer has helped in expanding the field of globalization through increased connectivity and increased communication. It has aided in making the lives of individuals easier in multiple ways, such as that of commerce, communication, design, banking and etc. However while cyber technology has aided the community in countless manners, it has also led to new forms of crime and terrorism being developed. Such crimes that occur using the internet are known as cyber crimes. Such crimes include hacking, trolling, planting viruses, phishing, spear phishing and etc.

Spear Phishing, is a form of Cyber terrorism wherein attempts are made to gain access to a specific individual’s sensitive information. Such information can include place of residence, bank account details, credit card details etc. Spear Phishing attacks are highly coordinated, with attackers doing research into the targeted individual, through accessing of social media pages and etc.

Spear Phishing involves attackers sending emails to the targeted individual, often impersonating an official organization. It is designed to lure individuals into opening documents or websites, that lead to installation of malware onto the target’s system. Cyber terrorists, can utilize the malware so as to access the infected computer and steal or manipulate data on the computer. Cyber terrorists can also utilize the infected system so as to steal data and spread malware to other systems.

There exists a difference between phishing and spear phishing. The difference lies in the extent to which the attacks take place. Phishing involves the sending of false emails to a large population with intent to gain access to personal information with malicious intent. Spear Phishing, involves targeting a specific individual with malicious intent.


Anti Phishing and Spear Phishing Laws In India

Phishing and Spear Phishing are addressed as Cyber Crime under the Information Technology Act 2000 in India. Provisions for laws against Phishing and Spear Phishing are given under Section 66 of the IT Act 2000. The act was amended in 2008 with addition of new provisions pertaining to the offense of phishing.

Section 66: This section is applicable where the account of the victim is compromised by the Cyber terrorist through alterations of information present in the account of the victim kept in bank servers.

Section 66A: This section is applicable where false emails with fake links to banks or organizations are used so as to deceive individual pertaining to the origins of the mail.

Section 66C: In the phishing email, the attacker masks himself as the real banker and uses unique identifying features of the bank or organization such as Logos and trademarks.

Section 66D: The attacker through the use of phishing emails containing the link to the fake website of the bank or organizations impersonates institutions to cheat upon the common public.


Reporting of such Crime

  1. Once your PC is attacked, don't attempt to do anything rash or else you might loose a very important thread of evidence. Leave your PC as it is, any attempt which you take towards fixating the problem is likely to result in the destruction of valuable information. Be smart! If you really want the perpetrators to be caught.

  2. Report the occurrence immediately to the nearest police station.

  3. They will either transfer the case to the Cyber Cell Division of police or you can report directly to the Cyber Cell Division of your state police.

  4. The case for the aforementioned offence will be booked under the sections mentioned above and any other sections which the investigation officer deems fit to be applied on the situation.

Preventive Measures

  1. Honestly, there are no preventive measures for this as the attack is towards the carrier of specific information, it is individualistic in nature.

  2. However, you can keep your antivirus database updated. But, keep in mind that the major defect with the antivirus database is that it only recognizes what is unknown to the system but fails to recognize the malicious content hidden inside the known things to the system.


Thoughts of,

Prajanya Raj Rathore,

B.B.A.LL.B.,

Symbiosis Law School - Hyderabad.


All views are of the author.

© 2020 by AmicusX