Spearphishing Service

From RCATs
Revision as of 01:03, 21 January 2023 by Ali3nw3rx (talk | contribs) (Created page with "Attackers may use spearphishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of spearphishing, known as "spearphishing for information" is different from traditional spearphishing where the goal is to execute malicious code. This type of spearphishing is targeted at a specific individual, company or industry, and messages are sent through various social media services, personal webmail, and ot...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Attackers may use spearphishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of spearphishing, known as "spearphishing for information" is different from traditional spearphishing where the goal is to execute malicious code. This type of spearphishing is targeted at a specific individual, company or industry, and messages are sent through various social media services, personal webmail, and other non-enterprise controlled services. These services may have less strict security policies than an enterprise. The goal of the spearphishing is to build rapport with the target or get their interest in some way. Attackers may create fake social media accounts and message employees for potential job opportunities, which allows a plausible reason to ask about services, policies, and information about their environment. They may also use information gathered from previous reconnaissance efforts such as social media or the victim's website to create convincing and believable lures.