Illustration of Spear Phising

Spear phising is a method where someone crafted an email with phising link inside that are uniquely targeted into a specific individual, organization, or a company. Spear phising usually used to steal data and informations regarding the target, but often it's used to inject malwares and other unwanted programs onto target's device. It is also possible for both case to happen simultaneously leading to a bigger impact for the target.

Here is an example case of how spear phising worked.

1. Cyber criminal actor creates a phising email targetted into Company A.
2. One of Company A's employee opened the email, unknowingly giving the criminal access inside internal network and system.
3. The criminal later elevated their access privilege into a higher status (Administrator or Root).
4. After elevating their privilege, the criminal can access every employee's computer searching for valuable informations.
5. Valuable informations gathered by the criminal later sent outside Company A's network. Usually it's sent into the criminal's own network through secured network channel.
6. The criminal then sent an ultimatum for Company A to pay ransom (usually in bitcoin) or the informations stolen will be leaked outside.
7. At this point, the perpetrator can also do more with Company A's system and network such as planting malwares, worms, trojans, ransomwares, et cetera.

So how do companies prevent this? It's quite simple actually, but yet overlooked too often. Always check the email sender first. If the sender is suspicious, then placing skepticism over the content of the email is truly justified. Reporting that email to the IT department of the company is recommended for further handling.