A look at how hackers create spear phishing emails

Spear phishing emails are highly effective and have been the cause of many successful hacking attempts. Unlike a regular phishing email that could be sent to thousands or millions of recipients, a spear phishing email is created to target just one victim. And if that victim falls for the bait, there is a good chance that they will turn over valuable information including network user accounts and passwords or confidential information such as bank account login credentials.

In an interview over at Business Insider, Ray Boisvert a professional ethical hacker for hire tells how he creates spear phishing emails.

He would scour LinkedIn looking for the least cybersavvy (company) employees, such as those who work in nontechnical areas and new hires unlikely to recognize an atypical email.

The infiltrator will then try to guess the employee’s email address by learning the format of a typical address for that company (e.g., [email protected]) and sending out messages repeatedly until they stop bouncing back.

After attaining the victim’s email address, the hacker looks to social media to learn as much as possible about his target’s professional background, friends, and general interests.

In this way, he can customize the phishing email as much as possible — even posing as one of the victim’s closest friends (profile picture included) — to make it look familiar and increase the odds that the target will trust it.

Clearly social media is a treasure trove of valuable information that can be used to help create spear phishing emails. Make sure your employees, customers, family and friends understand how these email are created and targeted at individuals. Steps to help prevent phishing scams include:

  • Minimize the amount of information shared on LinkedIn, Facebook, Twitter and other social media sites
  • Raise awareness of what phishing emails are and how to spot them
  • Instill some fear or concern into employees, family and friends so they will at least question the validity of emails
badge w light burst white (1)
Exclusively for Our MSP Partners

Now Available: Gen AI Certification From BSN

Lead Strategic AI Conversations with Confidence

Breach Secure Now’s Generative AI Certification helps MSPs simplify the AI conversation, enabling clients to unlock the value of gen AI for their business, build trust, and drive growth – positioning you as a leader in the AI space.

More on blogs

What Is the AI Culture Assessment? A Smarter Starting Point for Responsible AI Adoption

AI is already showing up in the workplace, but many organizations lack visibility into how it is being used. The AI Culture Assessment helps MSPs

Phishing Tests Aren’t Enough: Why Remediation Is the Missing Link in Security Awareness

Phishing simulations show who clicks, but without follow-up, they rarely change behavior. Phishing remediation closes the gap by turning failures into learning opportunities, reinforcing training

Why Continuous Training Beats One-and-Done Cyber Awareness

Cyber threats evolve constantly, which means annual cybersecurity training is not enough to keep employees prepared. Learn how continuous training, phishing simulations, remediation, and short
Take the First Step

Experience Training That Makes a Difference

during the demo you’ll:

Take the First Step

Experience Training That Makes a Difference

During the demo you’ll: