Spear phishing is a type of phishing that directly targets an individual. Often, those who spear phish know some information about that person. For example, spear phishing is used on employees or friends within a social network in hopes of gaining sensitive company or personal information, such as an employee's login. Below are some different examples of how spear phishing could be done.
How spear phishing is done
- The attacker knows the victim's name and uses that in a spear phishing e-mail.
- An attacker obtains a victim's bank name or personal details (e.g., the last four digits of their social security number) and uses it to make the victim believe they have their account details.
- The attacker uses a friends name or picture on a social network such as Facebook and claims to be that friend.