News / Blog
« Return to News

Spear-Phishing and Advanced Persistent Threat Campaigns

Spear-phishing is the most prevalent delivery method for advanced persistent threat (APT) attacks. Today’s cyber criminals launch APT attacks with sophisticated malware and sustained, multi-vector and multi-stage campaigns to achieve a particular objective. In a typical spear-phishing attack, a specially crafted email is sent to specific individuals from a target organization. “APT campaigns frequently make use of spear-phishing tactics because they are essential to get high-ranking targets to open phishing emails,” the TrendLabs APT Research Team noted in the Trend Micro white paper.

Spear-phishing may be defined as highly targeted phishing aimed at specific individuals or groups within an organization. Spear-phishing makes use of information about a target to make attacks more specific and personal to the target. Spear-phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data.

  • 91% of targeted attacks involve spear-phishing emails.
  • 84% of organizations said a spear-phishing attack successfully penetrated their organization in 2015.
  • Spear-phishing uses a blend of email spoofing, dynamic URLs and drive-by downloads to bypass traditional defenses.
  • According to Trend Micro, a typical spear-phishing attack includes an email including information specific to the target and an attachment. 
  • Trend Micro reported that spear-phishing tactics have become a favorite for targeted attacks because victims are more often duped into opening these types of emails.
  • 94% of targeted emails use malicious file attachments.
  • 70% of attachments include files such as .doc, .docx, .xls, xlsx, .pdf
  • Social networking sites allow attackers to harvest relevant information to use in attacks.
  • Over half of spear-phishing email recipients addresses are available via simple internet searches.

Visit our Phishing Facts and Spear-Phishing Facts pages for useful information on the threat of phishing and spear-phishing and prevention information about same.

Posted by PhishingBox on 07/08/2013
Read More Phishing Facts | Take a Free Phishing Test
View our Security Awareness Training for Employees

Protect Your Employees!

Try our Phishing Simulation Software

Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.


Phishing Alerts

Learn about recent security breaches that involve phishing and receive security tips and tricks to protect your business.

* indicates required