<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview[1]
[{$pagename}] ([Spear-Phishing]) is a [Social Engineering Attack] to obtain [data] including [Sensitive Data] such as [usernames], [passwords], and [Payment Card] details (and, indirectly, [money]), often for [malicious] reasons, by disguising as a trustworthy [entity] in an [Telecommunications] like [Email].


[{$pagename}] is an example of [Social Engineering Attack] used to deceive users and [exploits] weaknesses in current [Website] security.

[{$pagename}] typically directs users to enter [personal data] at a fake [website], the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. [{$pagename}] emails may contain links to [websites] that are infected with [malware].

[{$pagename}] may involve use of a [HTML link] to [Malicious] [Website] which then deploys [Malicious Software]

[{$pagename}] may use [Punycode] so [HTML links] appear to be reputable [Organizational Entity]

!! [{$pagename}] [Attacks]
More than 2/3 of the incidents in [2015|Year 2015] involved [{$pagename}] ([Verizon Data Breach Investigations Report]). 

[One-Time passwords] and other [Multi-Factor Authentication] help against your account being used to perform [{$pagename}] but __not from you being the subject__ of [{$pagename}]__

!! [{$pagename}] leads to other [Attacks]
[{$pagename}] is often just the entry point to more [attacks]. For [example], To obtain a perform such [attacks] like [pass-the-hash] or [pass-the-ticket], the [attacker] needs [credentials] of a [user] to get in the door.

!! [{$pagename}] [Example]
One trick that [bad guys|Attackers] use a lot is called [CEO] Fraud. CEO Fraud involves a scam in which [cybercriminals] impersonate executives in order to fool an [employee] into executing unauthorized wire transfers, or sending out confidential [Sensitive Data]. A sense of urgency is usually employed, pressuring the victim to act before thinking. According to [FBI] statistics, CEO fraud is now a $12 billion scam.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Phishing|Wikipedia:Phishing|target='_blank'] - based on information obtained 2017-05-05- 
</pre>