Spear-phishing 101: The Art of Fishing with Forks
Lesson 1: Identifying the Bait
Step 1: Find your target. Anyone with an email inbox is a potential catch.
Step 2: Craft the perfect hook. Make it look legit with a fake email address and a convincing subject line.
- Use a fake email address that's similar to theirs, but with a twist (e.g., [target's username]@spearphish.io).
- Subject line: "Urgent: Your Amazon package has arrived!" or "Your account has been compromised, click here to recover it."
Lesson 2: Casting the Line
Step 3: Cast your line (send the email). Make sure it's got some bait: a juicy attachment or a sense of urgency.
- Use a .zip or .exe attachment to make it look like a real file.
- Use a sense of urgency, like "Act now, or forever hold your peace!"
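
Seen from the receiving inbox, each lure listed above is a detectable signal. The following is an added example, not part of the original page: a Python triage function that flags a message on the three indicators the lessons name (a sender that copies the recipient's username on a different domain, urgency wording in the subject, a .zip or .exe attachment). The phrase list, the finding labels and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed phrase list, taken from the subject lines quoted in the lessons.
URGENCY = ("urgent", "act now", "compromised", "click here")
RISKY_EXT = (".zip", ".exe")

def triage(raw: str) -> list[str]:
    """Return the phishing indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    _, sender = parseaddr(str(msg.get("From", "")))
    _, rcpt = parseaddr(str(msg.get("To", "")))
    s_user, _, s_dom = sender.lower().rpartition("@")
    r_user, _, r_dom = rcpt.lower().rpartition("@")
    # Lookalike sender: the recipient's own username on a different domain.
    if s_user and s_user == r_user and s_dom != r_dom:
        findings.append("lookalike-sender")
    subject = str(msg.get("Subject", "")).lower()
    if any(phrase in subject for phrase in URGENCY):
        findings.append("urgent-subject")
    # iter_attachments() yields nothing for a non-multipart message.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("risky-attachment:" + name)
    return findings

def sample_suspicious() -> str:
    """Constructed message showing all three indicators (not real mail)."""
    m = EmailMessage()
    m["From"] = "jdoe@lookalike.example"
    m["To"] = "jdoe@corp.example"
    m["Subject"] = "Urgent: Your account has been compromised"
    m.set_content("constructed body")
    m.add_attachment(b"PK\x03\x04", maintype="application",
                     subtype="zip", filename="invoice.zip")
    return m.as_string()

def sample_benign() -> str:
    """Constructed ordinary message: same domain, calm subject, no attachment."""
    m = EmailMessage()
    m["From"] = "alice@corp.example"
    m["To"] = "jdoe@corp.example"
    m["Subject"] = "Lunch on Thursday"
    m.set_content("constructed body")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample_suspicious()))
    print(triage(sample_benign()))
```

A mail gateway or SOC queue would treat any one finding as a reason for review and two or more as grounds to quarantine; the thresholds are a local policy choice.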