Understanding the logic of spear phishing

In terms of modus operandi, spear phishing works like a conventional phishing attack, that is, it is a message / email sent to a recipient, in an attempt to attract their attention and make them open the message and the attachments.

The difference lies in the sender. While some phishing emails are forwarded by unknown recipients and sent to millions of people, spear phishing is segmented and constructed with the aim of impacting a specific person, group or company.

Generic e-mails leave the scene and enter real names, senders that seem very real and messages that even copy the aesthetics and style adopted by the sender.

The professionals will examine and evaluate security strategies and defenses. It is the responsibility of the IT Security Specialist to create new defensive systems and protocols

There is no doubt here: the criminals did their homework, studied the victim (s) thoroughly and launched a refined attack with less chance of distrust. The attacks are very much based on social engineering, that is, they rely on the interaction of people to be successful, and, in fact, they manage to fulfill their objectives in many opportunities.

Faced with trusted senders, people are more inclined to hand over information such as logins, passwords, documents and reports, and this makes the tactic even more dangerous.