Spear phishing is a more refined form of phishing with a more targeted, personal approach, hence the "spear" in the name. In this approach, the spear phisher can build trust with the target using information from social networks: the educational institution or company where the potential victim once worked, sports activities, social settings, the same bank, and so on. The emails appear to come from the employer or a colleague.
The emails are intended to trigger strong motivations: greed for better returns, high interest rates or an inheritance; fear of financial or health collapse; or pity for a seriously ill person and their relatives.
The modus operandi is always similar. First, the spear phishers try to build trust, using insider information from social networks, blogs, websites, or hacked data, so that the victim does not immediately suspect anything. In the following phase, they send emails to the victim, constructing every imaginable scenario and asking the victim to provide personal information on short notice. In the last phase, the potential victims are asked to click on a link in an email that takes them to a realistic-looking website. There, they are asked for certain personal data such as bank account details, identification number, access code, and other security-related details.
There are other spear phishing approaches, such as hacking address books and writing to the people listed in them while posing as the person the address book belongs to. Spear phishers are constantly developing more refined schemes. For example, spear phishing that targets high-ranking individuals such as well-known managers, athletes, or politicians is referred to as whaling.