Spearphishing is a phishing method that targets specific individuals or groups within an organisation. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions such as opening a malware file that causes network compromise, and data loss, or financial loss. While phishing tactics may rely on shotgun methods that deliver mass emails to random individuals, spear phishing focuses on specific targets and involve prior research.
A typical spearphishing attack includes an email and an attachment. The email includes information specific to the target, including the target’s name and rank within the company. This social engineering tactic boosts the chances that the victim will carry out all the actions necessary for infection, including opening the email and the included attachment.