This version of phishing targets specific individuals, organizations, or busineses. Many times, the email is crafted in such a way that the victim really believe it is being sent from someone they know within their organization. The email leads the unknowing recipient to a bogus website full of malware or asks the victim to send them confiential files like employee information. These emails often use clever tactics to get victims’ attention.
According to Kaspersky Lab, a leading security firm, many times, government-sponsored hackers and hacktivists are behind these attacks. Cybercriminals do the same with the intention to resell confidential data to governments and private companies. These cybercriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites. As a result, even high-ranking targets within organizations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to attack their networks.