Profile picture
Dominic Gwinn @DominicGwinn
, 9 tweets, 4 min read Read on Twitter
Here's your crash course in spear phishing.

It's a targeted attack at a specific person, or entity. 1/9
Threat actors engage in spear phishing in order to gain a form of control over a system. Sometimes that means operational capability, sometimes it just means observational capability. 2/9
Spearphishing attacks happen all the time. Usually it's through an email, but it can be sophisticated, like a thumb drive curiously placed by your car, or an MMS message. The point is to get you to open a "file" and trigger a payload.

You could think of it as a Trojan horse 3/9
Targets are picked through social engineering. Let's say I want to take over a power plant. Find the guy who works the night shift, and get all public data (name, address, parents, kids, etc.) 4/9
After you find all their public stuff, you move on to all the semi-private stuff. Do they post on social media? What are their fav. movies? Music? Habits? Hobbies? Special skills? 5/9
If it's a hardcore financial attack, you COULD start looking on databases to see if they've been pwned before. Were they on Ashley Madison? Were they busted via Target? Equifax? Yahoo? Whatever financial data you can get, add that to your spreadsheet of pwnage. 6/9
After you've built a fairly comprehensive profile of the person, you start looking for ways to get them to "click" something. The easiest thing to do is one of those, "This is your bank/soc. media/cable co., you need to change your password. Click this link!" 7/9
Other times you use the social profile you've built to convince them to click on something. Maybe it's a picture, a song, a new game -- the point is to force them to click a spoofed/fake file that deploys the payload. 8/9
You put a lot of information out online, and a lot gets hoover up every day. Reverse engineering someone in the digital age is astonishingly easy since we've all been putting this stuff online for two decades. It's just a matter of putting the pieces together. 9/9
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Dominic Gwinn
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!