This book is an introduction for the reader in the world of Phishing attacks.Read more
In spear phishing, a criminal specifically targets an individual or an organization, trying to obtain specific pieces of information, often with a specific end goal in mind.
The basic element of a phishing attack is a message, sent by email, social media, or other electronic communication means. A phisher may use public resources, especially social networks, to collect background information about the personal and work experience of their victim. These sources are used to gather information such as the potential victim’s name, job title, and email address, as well as interests and activities. The phisher can then use this information to create a reliable fake message.
Spear phishing includes malicious emails sent to specific people. The attacker typically already has some or all of the following information about the victim: Name - Place of employment - Job title - Email address - Specific information about their job role. This information helps increase the effectiveness of phishing emails and manipulate victims into performing tasks and activities, such as transferring money.
Attempt to steal credentials for Microsoft accounts:
In August 2020, attackers sent phishing emails attempting to steal Microsoft account credentials. The messages attempted to trick the victim into clicking a malicious link that redirected to a fake Microsoft login page.
Amazon phishing email attempts to steal credit card information:
In September 2020, attackers sent a phishing email, which appeared to be from Amazon, attempting to steal user credit card information. The email claimed that the user’s account was deactivated due to too many login failures, and linked to a fake Amazon Billing Center website, which instructed the user to re-enter their payment information.