Spear Phishing Attack
Unlike broader phishing attempts that blanket many users in hopes of snagging one or two, spear phishing is a precise and targeted attack on a single person that aims to persuade them to perform an action harmful to their business, organization, or government agency.
One of the reasons spear phishing has been so effective is that it relies on the inherent lack of authentication in most internet email. As a result, it’s easy for attackers to impersonate people or companies that their targets will trust. In as many as two-thirds of these cases, attackers actually use the domain name of the impersonated entity in the “From:” field of their messages. This is known as exact-domain impersonation.
Email authentication puts a stop to that kind of attack by limiting domain use to only those senders that a domain owner has specifically authorized.