{"id":90238,"date":"2019-12-02T09:00:15","date_gmt":"2019-12-02T17:00:15","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90238"},"modified":"2023-09-26T09:09:18","modified_gmt":"2023-09-26T16:09:18","slug":"spear-phishing-campaigns-sharper-than-you-think","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/","title":{"rendered":"Spear phishing campaigns\u2014they\u2019re sharper than you think"},"content":{"rendered":"<p>Even your most security-savvy users may have difficulty identifying honed spear phishing campaigns. Unlike traditional phishing campaigns that are blasted to a large email list in hopes that just one person will bite, advanced spear phishing campaigns are highly targeted and personal. They are so targeted, in fact, that we sometimes refer to them as \u201claser\u201d phishing. And because these attacks are so focused, even tech-savvy executives and other senior managers have been duped into handing over money and sensitive files by a well-targeted email. That\u2019s how good they are.<\/p>\n<p>Even though spear phishing campaigns can be highly effective, they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power. Today, we provide an overview of how these campaigns work and steps you can take to better protect your organization and users.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90239 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-1.png\" alt=\"Graph showing that the percentage of inbound emails associated with phishing on average increased in the past year.\" width=\"1471\" height=\"680\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1.png 1471w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-300x139.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-768x355.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-1024x473.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-930x430.png 930w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-767x355.png 767w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-539x249.png 539w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-465x215.png 465w\" sizes=\"(max-width: 1471px) 100vw, 1471px\" \/><\/a><\/p>\n<p><em>Figure 1. Percentage of inbound emails associated with phishing on average increased in the past year, according to Microsoft security research (source: <\/em><a href=\"https:\/\/www.microsoft.com\/securityinsights\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Microsoft Security Intelligence Report<\/em><\/a><em>).<\/em><\/p>\n<h3>Step 1: Select the victims<\/h3>\n<p>To illustrate how clever some of these campaigns are, imagine a busy recruiter who is responsible for filling several IT positions. The IT director is under a deadline and desperate for good candidates. The recruiter posts the open roles on their social networks asking people to refer leads. A few days later they receive an email from a prospective candidate who describes the role in the email. The recruiter opens the attached resume and inadvertently infects their computer with malware. They have just been duped by a spear phisher.<\/p>\n<p><strong>How did it happen?<\/strong><\/p>\n<p>In a spear phishing campaign, the first thing an attacker needs to do is identify the victims. These are typically individuals who have access to the data the attacker wants. In this instance, the attackers want to infiltrate the human resources department because they want to exfiltrate employee social security numbers. To identify potential candidates they conduct extensive research, such as:<\/p>\n<ul>\n<li>Review corporate websites to gain insight into processes, departments, and locations.<\/li>\n<li>Use scripts to harvest email addresses.<\/li>\n<li>Follow company social media accounts to understand company roles and the relationships between different people and departments.<\/li>\n<\/ul>\n<p>In our example, the attackers learned by browsing the website that the convention for emails is <strong>first.last@company.com<\/strong>. They browsed the website, social media, and other digital sources for human resources professionals and potential hooks. It didn\u2019t take long to notice several job openings. Once the recruiter shared details of jobs online, would-be attackers had everything they needed.<\/p>\n<p><strong>Why it might work:<\/strong> In this instance it would be logical for the victim to open the attachment. One of their job responsibilities is to collect resumes from people they don\u2019t know.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90240 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-2.png\" alt=\"Infographic showing the typical campaign path for phish emails, from Reconnaissance to Exfiltration.\" width=\"1275\" height=\"346\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2.png 1275w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2-300x81.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2-768x208.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2-1024x278.png 1024w\" sizes=\"(max-width: 1275px) 100vw, 1275px\" \/><\/a><\/p>\n<p><em>Figure 2. Research and the attack are the first steps in a longer strategy to exfiltrate sensitive data.<\/em><\/p>\n<h3>Step 2: Identify the credible source<\/h3>\n<p>Now let\u2019s consider a new executive who receives an email late at night from their boss, the CEO. The CEO is on a trip to China meeting with a vendor, and in the email, the CEO references the city they\u2019re in and requests that the executive immediately wire $10,000 to pay the vendor. The executive wants to impress the new boss, so they jump on the request right away.<\/p>\n<p><strong>How did it happen?<\/strong><\/p>\n<p>In spear phishing schemes, the attacker needs to identify a credible source whose emails the victim will open and act on. This could be someone who appears to be internal to the company, a friend, or someone from a partner organization. Research into the victim\u2019s relationships informs this selection. In the first example, we imagined a would-be job seeker that the victim doesn\u2019t know. However, in many spear phishing campaigns, such as with our executive, the credible source is someone the victim knows.<\/p>\n<p>To execute the spear phishing campaign against the executive, the attackers uncovered the following information:<\/p>\n<ul>\n<li>Identified senior leaders at the company who have authority to sign off on large sums of money.<\/li>\n<li>Selected the CEO as the credible source who is most likely to ask for the money.<\/li>\n<li>Discovered details about the CEO\u2019s upcoming trip based on social media posts.<\/li>\n<\/ul>\n<p><strong>Why it might work:<\/strong> Targeting executives by impersonating the CEO is increasingly common\u2014some refer to it as whale phishing. Executives have more authority and access to information and resources than the average employee. People are inclined to respond quickly when the boss emails\u2014especially if they say it\u2019s urgent. This scenario takes advantage of those human power dynamics.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90241 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-3.png\" alt=\"Infographic of the Attack Spectrum, from Broad to Targeted.\" width=\"1269\" height=\"750\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3.png 1269w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-300x177.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-768x454.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-1024x605.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-440x260.png 440w\" sizes=\"(max-width: 1269px) 100vw, 1269px\" \/><\/a><\/p>\n<p><em>Figure 3. The more targeted the campaign, the bigger the potential payoff.<\/em><\/p>\n<h3>Step 3: Victim acts on the request<\/h3>\n<p>The final step in the process is for the victim to act on the request. In our first example, the human resources recruiter could have initiated a payload that would take over his computer or provide a tunnel for the attacker to access information. In our second scenario, the victim could have wired large sums of money to a fraudulent actor. If the victim does accidentally open the spear phishing email and respond to the call to action, open a malicious attachment, or visit an infected webpage, the following could happen:<\/p>\n<ul>\n<li>The machine could be infected with malware.<\/li>\n<li>Confidential information could be shared with an adversary.<\/li>\n<li>A fraudulent payment could be made to an adversary.<\/li>\n<\/ul>\n<h3>Catch more phishy emails<\/h3>\n<p>Attackers have improved their phishing campaigns to better target your users, but there are steps you can take to reduce the odds that employees will respond to the call to action. We recommend that you do the following:<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-4.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-90244 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller.jpg\" alt=\"\" width=\"600\" height=\"400\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller.jpg 600w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller-300x200.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller-293x195.jpg 293w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<ul>\n<li><strong>Educate users on how to detect phishing emails<\/strong>\u2014Spear phishing emails do a great job of effectively impersonating a credible source; however, there are often small details that can give them away. Help users identify phish using training tools that simulate a real phish. Here are a few tells that are found in some phish that you can incorporate into your training:\n<ul>\n<li>An incorrect email address or one that resembles what you expect but is slightly off.<\/li>\n<li>A sense of urgency coupled with a request to break company policy. For example, fast tracking payments without the usual checks and procedures.<\/li>\n<li>Emotive language to evoke sympathy or fear. For example, the impersonated CEO might say you\u2019re letting them down if you do not make the urgent payment.<\/li>\n<li>Inconsistent wording or terminology. Does the business lingo align with company conventions? Does the source typically use those words?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-5.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90246 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller.jpg\" alt=\"\" width=\"600\" height=\"400\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller.jpg 600w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller-300x200.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller-293x195.jpg 293w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<ul>\n<li><strong>Encourage users to communicate potential phishing emails<\/strong>\u2014It\u2019s important that users flag phishing emails to the proper team. This can be done natively within many enterprise email systems. It can also be helpful if users talk with their peers about the phishing emails they receive. Spear phishers typically don\u2019t send blast emails; however, they may select several people from the same department or with business relationships. Talking will alert other users to be on the lookout for phishy emails.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-6.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90248 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller.jpg\" alt=\"\" width=\"600\" height=\"400\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller.jpg 600w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller-300x200.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller-293x195.jpg 293w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<ul>\n<li><strong>Secure your identities<\/strong>\u2014A spear phishing campaign is often the first step that an attacker takes to gain more privileged access to company resources. If they succeed in duping a victim, you can reduce the damage with modern authentication techniques. For example <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/08\/20\/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">multi-factor authentication (MFA) can block over 99.9 percent of account compromise attacks<\/a>.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-7.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90250 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Spear-phishing-7.png\" alt=\"\" width=\"951\" height=\"463\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7.png 951w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7-300x146.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7-768x374.png 768w\" sizes=\"(max-width: 951px) 100vw, 951px\" \/><\/a><\/p>\n<p><em>Figure 4. Enhanced anti-phishing capabilities are available in Microsoft Office 365.<\/em><\/p>\n<ul>\n<li><strong>Deploy technology designed to block phishing emails<\/strong>\u2014If users don\u2019t receive the phishing email, they can\u2019t act on it! Deploy technology that can help you catch phishing emails before they land in someone\u2019s inbox. For instance, Office 365, one of the world\u2019s largest email providers, offers a variety of protection against phishing attacks <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/anti-phishing-protection\" target=\"_blank\" rel=\"noopener noreferrer\">by default<\/a> and through additional offerings such as <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/atp-anti-phishing\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Advanced Threat Protection (ATP) anti-phishing<\/a>. Importantly, Microsoft has both been advancing the anti-phishing capabilities of Office 365 (see Figure 4 above) and <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/10\/17\/how-office-365-learned-to-reel-in-phish\/\" target=\"_blank\" rel=\"noopener noreferrer\">improving catch rates<\/a> of phishing emails.<\/li>\n<\/ul>\n<h3>Get in touch<\/h3>\n<p>Reach out to Diana Kelley on <a href=\"https:\/\/www.linkedin.com\/in\/dianakelleysecuritycurve\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a>\u00a0or\u00a0<a href=\"https:\/\/twitter.com\/dianakelley14\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>\u00a0or Seema Kathuria on <a href=\"https:\/\/www.linkedin.com\/in\/seema-kathuria-8987921\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a> or <a href=\"https:\/\/twitter.com\/reachseemak\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a> and let them know what you\u2019d like to see us cover as they talk about new security products and capabilities.<\/p>\n<p>Also, bookmark the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us at <a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Spear phishing campaigns can be highly effective\u2014but they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power.<\/p>\n","protected":false},"author":96,"featured_media":90242,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3671,3688],"products":[],"threat-intelligence":[],"tags":[3822],"coauthors":[1916],"class_list":["post-90238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-email-security","topic-threat-trends","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Spear phishing campaigns\u2014they\u2019re sharper than you think<\/title>\n<meta name=\"description\" content=\"Spear phishing campaigns can be highly effective\u2014but they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spear phishing campaigns\u2014they\u2019re sharper than you think\" \/>\n<meta property=\"og:description\" content=\"Spear phishing campaigns can be highly effective\u2014but they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-02T17:00:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-26T16:09:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-full-size.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1334\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Microsoft Security Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-full-size.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security Team\"}],\"headline\":\"Spear phishing campaigns\u2014they\u2019re sharper than you think\",\"datePublished\":\"2019-12-02T17:00:15+00:00\",\"dateModified\":\"2023-09-26T16:09:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\"},\"wordCount\":1386,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg\",\"keywords\":[\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\",\"name\":\"Spear phishing campaigns\u2014they\u2019re sharper than you think\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg\",\"datePublished\":\"2019-12-02T17:00:15+00:00\",\"dateModified\":\"2023-09-26T16:09:18+00:00\",\"description\":\"Spear phishing campaigns can be highly effective\u2014but they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg\",\"width\":440,\"height\":268,\"caption\":\"Image of three workers sitting on a sofa.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Spear phishing campaigns\u2014they\u2019re sharper than you think\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Spear phishing campaigns\u2014they\u2019re sharper than you think","description":"Spear phishing campaigns can be highly effective\u2014but they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/","og_locale":"en_US","og_type":"article","og_title":"Spear phishing campaigns\u2014they\u2019re sharper than you think","og_description":"Spear phishing campaigns can be highly effective\u2014but they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/","og_site_name":"Microsoft Security Blog","article_published_time":"2019-12-02T17:00:15+00:00","article_modified_time":"2023-09-26T16:09:18+00:00","og_image":[{"width":2000,"height":1334,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-full-size.jpg","type":"image\/jpeg"}],"author":"Microsoft Security Team","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-full-size.jpg","twitter_misc":{"Written by":"Microsoft Security Team","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/","@type":"Person","@name":"Microsoft Security Team"}],"headline":"Spear phishing campaigns\u2014they\u2019re sharper than you think","datePublished":"2019-12-02T17:00:15+00:00","dateModified":"2023-09-26T16:09:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/"},"wordCount":1386,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg","keywords":["Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/","name":"Spear phishing campaigns\u2014they\u2019re sharper than you think","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg","datePublished":"2019-12-02T17:00:15+00:00","dateModified":"2023-09-26T16:09:18+00:00","description":"Spear phishing campaigns can be highly effective\u2014but they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-card.jpg","width":440,"height":268,"caption":"Image of three workers sitting on a sofa."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Spear phishing campaigns\u2014they\u2019re sharper than you think"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90238"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=90238"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90238\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/90242"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=90238"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=90238"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=90238"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=90238"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=90238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=90238"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=90238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}