Spear phishing 

Spear phishing is a cyberattack that targets a specific individual, department, or company and appears to come from a trusted source. This type of attack is hard to spot and well thought out, and the targets are often researched well in advance before the attack is performed. Unlike a normal phishing attack, where the attackers cast a wide net, spear phishing is a directed attack.

The core component of a spear phishing attack is information gathering. Gathering information about email addresses, people, and their positions within the target organization (using OSINT tools such as LinkedIn) will help you define who your target will be and who you can impersonate. As we learned in Chapter 3, Performing Information Gathering, open source intelligence can provide you with a wealth of information on your targets. 

Some common features of spear phishing attacks are as follows:

  • Business email compromise (BEC): This aims to abuse processes such as payroll or invoices. The attack would leverage an email that appears to come from a reputable source (in the From field) and contains a document related to an invoice. To the average person, nothing appears untoward, so they would open that invoice and ultimately expose their system to the attack.
  • Multi-vector threats: This attack uses multiple attack vectors. For example, the spear phishing email will contain dynamic URLs, drive-by downloads, and a payload encoded within a document to avoid detection.
  • Virtually undetectable: A well-crafted spear phishing email lacks the characteristics shared by the large volume of ordinary phishing emails on the internet, which makes it harder for traditional reputation and spam filters to detect.
  • Whaling: In this type of attack, a spear phishing campaign is directed at a high-profile target, often someone in the C-suite of an organization. High-profile people often have more privileged information than the average person, and this makes them a prime target. Any information that's stolen in a whaling attack is more lucrative on the black market, over and above the possibility of privileged credentials that an attacker can use.
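
Because a BEC message leans on a trusted-looking From field, header-level checks can surface what reputation filters miss. The following is an added example, not code from the book: the function names, the `TRUSTED_DOMAINS` set, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organization's own domains

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return header-level BEC indicators found in one raw email message."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    path_dom = domain_of(msg.get("Return-Path"))
    auth = (msg.get("Authentication-Results") or "").lower()
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-domain-mismatch")
    # Legitimate bulk senders also trip this one; treat it as a triage signal.
    if path_dom and path_dom != from_dom:
        findings.append("return-path-domain-mismatch")
    # Display name shows a trusted domain while the real address is elsewhere.
    shows_trusted = any(d in display.lower() for d in TRUSTED_DOMAINS)
    if shows_trusted and from_dom not in TRUSTED_DOMAINS:
        findings.append("display-name-impersonation")
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech}-fail")
    return findings

# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: "accounts@example.com" <ap@examp1e-billing.test>
Reply-To: ap@payments-desk.test
Return-Path: <bounce@mailer.test>
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail
Subject: Invoice 1042 overdue

See attached invoice.
"""
BENIGN = """\
From: Pat Lee <pat@example.com>
Return-Path: <pat@example.com>
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
Subject: Lunch

Noon?
"""
```

A message from a compromised internal mailbox passes every one of these checks, which is why process controls such as out-of-band confirmation of payment changes still matter.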