Anatomy of a Spear Phishing Attack

With cybercrime quickly becoming a top priority for organizations, IT admins have felt the pressure to invest in network defenses and ensure their systems aren’t breached.

But those measures aren’t much help when criminals use phishing scams to bypass organizations’ defenses and hit them where they’re most vulnerable: their employees.

Fraudsters have countless tricks up their sleeve when targeting people for attacks, but perhaps the most dangerous is spear phishing. Let’s take a look at how it works, along with an example to help you spot the clues of an attack.

What is spear phishing?
Spear phishing is a form of email attack in which fraudsters tailor their message to a specific person.

They can gather the information they need to seem plausible by researching the target online – perhaps using Facebook, LinkedIn, or the website of the target’s employer – and imitating a familiar email address.

Spear phishing is harder to detect than regular phishing scams because although messages contain the same clues as to any phishing attack, the fact that they are addressed specifically to the target assuages suspicions that they are bogus.