Behind the Phish

A short Interactive Comic - Issue 01.

This has been an authorized phishing simulation set up by your employer. Please take the time to learn how you can prevent future attacks.

The phisher targets a company using social media and other publicly available information.
He identifies other employees the target may know...
Using the information discovered, the phisher crafts a personalised email impersonating a colleague or boss, with a malicious link or attachment...
The phishing email plays on emotions such as curiosity, greed, fear and urgency...
The email is sent to the target, bypassing the email spam filter...
Later in the day the target opens their email.
They recognize an email from a close colleague and friend...
They open it because it appears to be legitimate...
The attachment is downloaded and opened. The target has unknowingly fallen victim to a phishing email.
The hacker now uses a backdoor to exploit the organisation's systems.

If you suspect that you have received a spear phishing email at work, follow our procedures for reporting it immediately.

If you have any questions or feedback related to this exercise, please email john.doe@example.com.