Security Awareness Training
spear phishing explained

Highly targeted phishing attacks

Spear phishing is a sophisticated cyberattack method that targets specific individuals.

It can be highly effective and while spear phishing campaigns constitute only 0.1% of all email-based phishing attacks, they account for a staggering 66% of all breaches.

Spear phishing vs mass phishing

In contrast to mass phishing, which targets everybody with the same message, spear phishing utilises personal information to make the attack even more persuasive and realistic.

Spear phishing vs mass phishing

Example of spear phishing

The image shows a spear phishing attempt. The target is often contacted by someone posing as a trusted source. There’s usually a sense of urgency, and a bossy or threatening feel.

Invoice fraud

Here’s an example of a sophisticated invoice fraud attack

1. Through a breach on a different site, hackers got hold of a Ben’s (a sales person) password (which was reused across multiple accounts).
2. The hackers monitored Ben’s incoming and outgoing emails.
3. As soon as Ben sent the invoice to a customer, the hackers promptly designed a well made copy with new bank account details.
4. The hackers emailed the updated invoice (from Ben’s email account) and informed the customer that the payment details on the other invoice were outdated. This email was then deleted from Ben’s Sent items.
5. Subsequently, the hackers monitored the email inbox to ensure that no inbound emails questioning the change of bank details reached the victim Ben.
6. When the payment was made, the funds were transferred to the hacker’s account and were never recovered.

example of hacked emails in invoice fraud
targets of spear attempts

Targets of spear phishing

So, who are typical targets? Well, usually individuals who hold positions with access to information or funds. As you can see, that can include a majority of company departments!

-Finance and Accounting
-Executive Management
-Human Resources (HR)
-Information Technology (IT)
-Sales and Marketing
-Administrative (Assistants and Receptionists)

What tactics are used?

The image shows five tactics used by spear phishers, especially when it comes to CEO fraud.

CEO fraud tactics
Request more info

I want to know more

Get In Touch

Book a demo