Spear phishing is an identity impersonation attack targeted at a specific organization or individual. It is carried out through malicious email to gain access to confidential information. Spear phishing attempts typically don't come from random attackers; instead, they are more likely to be conducted for profit or to obtain trade secrets or confidential information. Similar to emails sent in regular phishing attacks, spear phishing messages appear to come from a trustworthy source. They generally exhibit the following characteristics:
- The source appears familiar and trustworthy, such as someone from work.
- The information within the message supports its validity, and the request it makes has a logical basis.
- There's a sense of urgency, especially regarding tasks that go against company policy.
To avoid falling victim to spear phishing, follow these recommendations:
- Report unexpected requests for confidential information and, if possible, verify them directly with the involved person.
- Do not disclose personal data in response to emails; do not click on message links unless their source and authenticity are reliable.
- Limit the personal information you share on social networks and other websites.