Overview
Unlike generic phishing, which is sent to thousands of people, spear phishing is tailored to the victim. Attackers often research their targets on social media or corporate websites to make their messages more convincing.
Characteristics
- Personalization: Using the victim's name, job title, or names of colleagues.
- Urgency: Creating a sense of crisis to prompt immediate action.
- Specific Lures: Referencing real projects or events the victim is involved in.
Prevention
- Security awareness training.
- Email filtering and authentication (DMARC).
- Multi-Factor Authentication (MFA).