(Created page with "Attackers may use spearphishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of spearphishing, known as "spearphishing for information" is different from traditional spearphishing where the goal is to execute malicious code. This type of spearphishing is targeted at a specific individual, company or industry, and messages are sent through various social media services, personal webmail, and ot...") |
No edit summary |
||
| Line 1: | Line 1: | ||
Adversaries may send spearphishing messages with a malicious attachment to elicit sensitive information that can be used during targeting. Spearphishing for information is an attempt to trick targets into divulging information, frequently credentials or other actionable information. Spearphishing for information frequently involves social engineering techniques, such as posing as a source with a reason to collect information (ex: Establish Accounts or [[:Category:Compromise_Accounts|Compromise Accounts]] ) and/or sending multiple, seemingly urgent messages. | |||
[[category:Phishing for Information]] | [[category:Phishing for Information]] | ||
Latest revision as of 16:53, 26 January 2023
Adversaries may send spearphishing messages with a malicious attachment to elicit sensitive information that can be used during targeting. Spearphishing for information is an attempt to trick targets into divulging information, frequently credentials or other actionable information. Spearphishing for information frequently involves social engineering techniques, such as posing as a source with a reason to collect information (ex: Establish Accounts or Compromise Accounts ) and/or sending multiple, seemingly urgent messages.