Just with those examples, you can see the severe impact of a spear phishing campaign. But large corporations are not the only targets. Spear phishing campaigns also target trusting employees at non-profits and churches to reroute funds.
Types Of Spear Phishing Campaigns
While each spear phishing campaign is highly researched, you may notice a few that specifically target high-level executives and directors. They look for employees with access to bank accounts, financial records, or intellectual property.
Not all two-factor authentication apps are malware, but they could be when they come from an unsolicited email. With the increase of two-factor authentication comes the misuse of the tool. The attacker may send a spoof email with a link to download the necessary app for quick two-factor authentication on a bank website, but this app gives access to the user’s phone and all of their login credentials.
Watering Hole Attacks
A watering hole attack is a specific type of spear phishing targeting the hobbies and interests of the user. The hacker uses networking sites to discover memberships or frequented websites of their user. Then, they hack that less-secure website, waiting for the “phish” to visit and download the malware. Or they send an email with a malicious link from that website to reset a password.
Typically, the goal is to install a keylogger on the computer so they can access the organization platforms with a high level of authorization.
While most internet users know not to download attachments from emails, hackers spoof email addresses of existing employees or the legal team to gain access to devices. Whether an email from a legal team with infected PDF documents attached or an excel file from your accounting team, downloading documents from any source has become difficult.