What is Spear Phishing?
Unlike broader phishing attempts that blanket many users in hopes of snagging one or two, spear phishing is a precise and targeted attack on a single person that aims to persuade them to perform an action harmful to their business, organization, or government agency.
Image description: Common spear phishing attempts come from a trusted partner or executive and are very specifically targeted to certain individuals who can carry out high-value transactions.
One of the reasons spear phishing has been so effective is that it relies on the inherent lack of authentication in most internet email. As a result, it’s easy for attackers to impersonate people or companies that their targets will trust. In as many as two-thirds of these cases, attackers actually use the domain name of the impersonated entity in the “From:” field of their messages. This is known as exact-domain impersonation.
Email authentication puts a stop to that kind of attack by limiting domain use to only those senders that a domain owner has specifically authorized.
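As an added illustration (not part of the original article), the Python example below shows how a receiver can flag exact-domain impersonation by comparing the visible "From:" domain with the SPF and DKIM results its own gateway recorded in the Authentication-Results header. The gateway name `mx.receiver.example`, the protected domain `partner.example`, the function names, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumption: authserv-id of your own inbound gateway
PROTECTED = {"partner.example"}           # assumption: domains worth impersonating to your users

def from_domain(msg):
    """Domain in the visible From: header, the one the recipient reads."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def authenticated_domains(msg):
    """Domains with an SPF or DKIM pass, as recorded by the trusted gateway only."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our gateway, so the sender could have forged it
        for clause in results.split(";"):
            m = re.search(r"\b(?:spf|dkim)=pass\b.*?\b(?:smtp\.mailfrom|header\.d)=(\S+)",
                          clause, re.I)
            if m:
                passed.add(m.group(1).rpartition("@")[2].lower())
    return passed

def classify(raw):
    """Label a raw message; strict alignment: authenticated domain must equal From: domain."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    if dom not in PROTECTED:
        return "not-protected-domain"
    return "authenticated" if dom in authenticated_domains(msg) else "exact-domain-impersonation"

# Constructed sample messages (not real mail).
SPOOFED = """\
Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=ceo@partner.example; dkim=none
Authentication-Results: mx.attacker.example; spf=pass smtp.mailfrom=partner.example
From: "CEO" <ceo@partner.example>

Please pay the attached invoice today.
"""
LEGIT = """\
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=bounce@partner.example;
 dkim=pass header.d=partner.example
From: "CEO" <ceo@partner.example>

See attached.
"""
print(classify(SPOOFED), classify(LEGIT))
```

Production DMARC evaluation also allows relaxed alignment on the organizational domain, which needs a public-suffix lookup that this example omits.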