What is Spear Phishing?

Spear phishing is a type of phishing attack that targets a specific individual, group of individuals or business, as opposed to mass-phishing campaigns that target thousands of victims. Spear phishing emails are often designed to steal specific data or install malware on the target’s computer or device.

Spear phishing attacks are not usually initiated by random cybercriminals. They are tailored to the victim and are more likely to be conducted by cybercriminals seeking financial gain and intellectual property.

With so much of our personal and professional lives being exposed on social media channels, attackers have access to personal information, contacts, and a backstory to construct convincing pretexts for use within spear phishing attacks.

What’s more, attackers are increasingly resorting to a type of spear phishing known as Business Email Compromise (BEC). In this type of spear phishing, an attacker sends an email that appears to originate from an executive (such as a CEO or CFO) to trick victims into taking actions or divulging information they otherwise wouldn’t. In other cases, spear phishing is used as a mechanism for credential harvesting or for delivering targeted malware to specific individuals.

Having plans in place to defend your organization from spear phishing attacks is essential. However, it is equally important that this defense strategy is constantly battle-tested and improved so that it evolves in step with the threat.