Spear phishing is an email scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
This is how it works
An email arrives, apparently from a trustworthy source, but instead it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims' attention.
For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Center for Missing and Exploited Children.
How to protect yourself
To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox. Besides education, technology that focuses on email security is necessary.
Attackers have increased their use of spear-phishing to infiltrate organizations. While intelligence gathering remains their primary motive, attack groups using malware designed to destroy and disrupt business operations increased by 25 percent in 2018.