Phishing that directly targets a single person with some basic understanding of that person. Often, spear phishing is used on employees or friends within a social network in hopes of gaining sensitive company or personal information, such as an employee's login. Below are some different examples of how spear phishing could be done.
How spear phishing is done
- The attacker knows the victim's name and uses that in a spear phishing e-mail.
- An attacker obtains a victim bank name or details such as the last four digits of their social security number and uses it to make the victim believe they have their account details.
- The attacker uses a friends name or picture on a social network such as Facebook and claims to be that friend.