Spear phishing is a particularly perfidious and targeted form of phishing. In contrast to widely distributed mass emails, this method targets individuals within a company. Attackers carry out extensive research beforehand: they analyse the company’s communication style, corporate design and organizational structure. They specifically identify employees whose role provides access to sensitive information or financial resources and also collect personal data – such as interests, hobbies or professional backgrounds – via platforms such as LinkedIn, Xing or social networks.
The attackers use this information to create deceptively genuine, personalized messages – often seemingly in the name of superiors, colleagues or business partners. The aim is to gain the victim’s trust in order to persuade them to disclose confidential information, execute bank transfers or open malicious attachments or links. As the attacks are individually tailored, they are often difficult to recognize as fake and therefore particularly dangerous.
