Unlike phishing, which involves mass-emailing, spearphishing is small-scale and well targeted. The attacker emails users in a single organization. The emails may appear to come from another staff member at the same organization, asking you to confirm a username and password.
Sometimes the emails seem to come from a trusted department that might plausibly need such details, such as IT or human resources. Links in the emails will redirect to a bogus version of the company website or intranet for stealing credentials.
(See Email malware distribution)
Back to Security Threats A-Z
Back to Threatsaurus Home