What is spear phishing?

[Garry]

What does spear phishing exactly mean?
How is it done?

[paul]

Spear here means; weapon to combat fraud.

Phising; It is the act or attempt to fraudulently acquire sensitive information, such as passwords, social security numbers, credit card details, identity- through official email by masquerading as a business name or a trustworthy person. For example many of you are recieving mail from paypal. The fraudster usually work on group in a well organized manner. They are using most sophisticated technique such as keylogging programs that silently copy the keystrokes of computer users and send that information to them.

[Peter]

Spear phishing is described as a highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members within a certain company, organization or a group. The E-mail might look like it comes from your employer, or a colleague to everyone in the company and could include requests for user names or passwords.

The truth is that the e-mail sender information has been faked or spoofed. Traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to a company's entire computer system. If you respond with a user name or password, or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, you might become a victim of identity theft and you might put your employer or group at risk.

[Steven]

Perfect, Peter!
Spear phishing scams seem to have been initiated by a company's own human resources or technical support divisions. It may ask employees to update their username and passwords. Once a hacker has succeeded in extracting this data he can easily penetrate the secured networks.