Spear phishing is a phishing attack that targets a specific person or organization. Attackers research their victims beforehand and use this information to craft convincing messages tailored to the target’s interests, relationships, or responsibilities.
Example:
An attacker sends an email to Dianne, disguising themselves as one of her colleagues. The email discusses an upcoming team-building event and provides details about the occasion. It includes a link purportedly for RSVP or accessing additional information. Trusting the legitimacy of the email and unaware of the malicious intent, Dianne clicks on the link and unknowingly downloads malware into her computer.
Prevention Tips:
- Be extra cautious of emails that address you by name and seem to have specific knowledge about your work or interests.
- Don’t click on links or attachments in suspicious emails, even if they appear personalized.