Spear-phishing attacks are specifically targeted at an individual or entity. Their main value is that they are targeted at a small group of users. These are quite often used in penetration testing, targeting specific email addresses of the client. You must spend more time in researching the client by gathering information, such as email signatures, logos, and understanding what the communications from the customer may look like. Often, you may register a look-a-like domain that may seem familiar when they see the from message.
In this recipe, we will create and launch a targeted spear-phishing attack.