Does anyone have an example of what a spear phishing attack looks like? I've always thought that it would be easily recognizable, but I've realized that's a naive view.
The most clever ones I've seen make it look like a PDF of employee comp was accidentally sent to the wrong recipient from your payroll company or from the Finance department.
Think about the human element in that for a minute...
They look like whatever you want them too. Here's a typical defense-oriented phish from China. Obviously it means a lot more to the recipient than it would be to you. Point is, it's been customized. Don't worry, someone in your company will click it, even if the message is stupid.
