Spear Phishing Techniques
A one-off, text-only spear phishing email might look unsophisticated on the surface, but there are social engineering techniques at work that reveal a sophisticated level of psychological manipulation. Below are some examples:
Engaging in pretexting: Spear phishers prime their victims by first sending a friendly email and engaging in small talk, such as “how was your vacation?” or “congrats on the promotion.” This lowers the victim’s guard, prepping them for the spear phisher’s eventual request, which might not come for several more emails.
Making urgent requests: Often, spear phishers will convince their victims that they have only hours—or even minutes—to send a wire transfer, change their bank account information, or purchase gift cards for clients.
Sending emails via mobile: Spear phishers posing as executives often claim to be out of the office, even out of the country, and urgently need the victim’s help. Adding “sent from my iPad, iPhone, or Android device” adds to the believability of such a claim and also excuses mistakes in the email, such as typos. It also creates an excuse for using a non-corporate email address like Gmail.