Targeted phishing

Organizational security is not only about applications and infrastructure but also about human factors. Simulated phishing strengthens your organization’s security posture by addressing that human element.

Our phishing service focuses exclusively on custom attack scenarios that match the daily activities of the targeted audience within your organization.

What is the difference between targeted (aka spear phishing) and mass phishing?

Both are social engineering attacks that deceive people into revealing sensitive information or credentials, but they differ substantially in approach and results.

Traditional email filters (and similar security solutions) are designed mainly to stop mass spam campaigns, in both inbound and outbound email traffic. They identify high volumes of similar messages and can, for example, deliver a message to a small sample of recipients and observe how they interact with it while holding back delivery to the rest.

A regular, non-targeted phishing campaign (unless your own email solution provider sends it through its own infrastructure as security awareness training) should therefore end up in your spam folder rather than your inbox.

Why do we offer targeted phishing and why is it a better approach?

To avoid these countermeasures we take a different approach, going after the people whose access is most valuable, which the cybercrime community calls whaling. Before sending any message, we run an intensive open-source intelligence (OSINT) phase to choose the best targets in your organization, so that the campaign is as effective as possible and gains the highest possible access level. We examine your organization’s online perimeter to identify your messaging, collaboration, and project management providers and fine-tune the campaign templates accordingly. We register plausible domains and deploy lookalikes of your own login pages and services. Only then do we deliver personalized, important, and highly time-sensitive messages to the recipients at the best possible moment.
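The lookalike domains described above are something a defender can enumerate in advance and watch for. The following is an added example, not the page’s or the company’s own tooling: it generates the usual typosquat variants of a domain you own (homoglyphs, omissions, transpositions, hyphenation, keyword affixes, TLD swaps) and flags sender addresses that use one of them. The substitution table, keyword list, alternative TLDs and sample sender addresses are small illustrative assumptions, and the domain splitter assumes a single-label TLD.

```python
# Lookalike-domain candidate generator: enumerates the kinds of domains an
# attacker might register against a domain you own, so they can be
# pre-registered or watched for in mail and DNS logs.
# Added example, not the page's own tooling. The substitution table, keyword
# list and TLD list are small illustrative assumptions, not an exhaustive model.

HOMOGLYPHS = {          # characters that read alike in many fonts
    "o": "0",
    "l": "1",
    "i": "l",
    "e": "3",
    "a": "4",
    "s": "5",
    "m": "rn",
    "w": "vv",
}
ALT_TLDS = ("co", "net", "org", "io")             # assumption: plausible TLD swaps
KEYWORDS = ("login", "sso", "portal", "mail")     # assumption: phishing-flavoured affixes


def split_domain(fqdn):
    """Split 'example.com' into ('example', 'com'). Assumes a single-label TLD."""
    label, _, tld = fqdn.lower().partition(".")
    return label, tld


def lookalike_domains(fqdn):
    """Return a sorted list of lookalike candidates for fqdn (fqdn itself excluded)."""
    label, tld = split_domain(fqdn)
    labels = set()

    # 1. Homoglyph substitution, one position at a time: example -> examp1e
    for i, ch in enumerate(label):
        if ch in HOMOGLYPHS:
            labels.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])

    # 2. Omission, drop one character: example -> exmple
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])

    # 3. Transposition, swap adjacent characters: example -> exmaple
    for i in range(len(label) - 1):
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])

    # 4. Hyphenation, insert a hyphen between characters: example -> ex-ample
    for i in range(1, len(label)):
        labels.add(label[:i] + "-" + label[i:])

    # 5. Keyword affixes: example-login, sso-example, ...
    for kw in KEYWORDS:
        labels.add(f"{label}-{kw}")
        labels.add(f"{kw}-{label}")

    candidates = {f"{l}.{tld}" for l in labels if l}
    # 6. TLD swap keeps the genuine label under another suffix: example.co
    candidates.update(f"{label}.{alt}" for alt in ALT_TLDS if alt != tld)

    candidates.discard(fqdn.lower())
    return sorted(candidates)


def suspicious_senders(fqdn, sender_addresses):
    """Return the sender addresses whose domain is a lookalike of fqdn."""
    candidates = set(lookalike_domains(fqdn))
    return [addr for addr in sender_addresses
            if addr.rpartition("@")[2].lower() in candidates]


if __name__ == "__main__":
    # Constructed sample senders, as they might appear in a mail gateway log.
    senders = [
        "it-support@example.com",        # genuine
        "helpdesk@examp1e.com",          # homoglyph: l -> 1
        "sso@example-login.com",         # keyword suffix
        "noreply@exarnple.com",          # homoglyph: m -> rn
        "news@unrelated.net",
    ]
    for s in suspicious_senders("example.com", senders):
        print("lookalike sender:", s)
```

Run the candidate list through a WHOIS or passive-DNS lookup to see which ones are already registered, and feed the same set into your mail gateway as a sender-domain watchlist.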

Finally, if the phishing campaign is ordered as part of our combined physical and cyber-attack simulation, we test the captured credentials from inside your own facilities, on your internal network, delivering a threat-intelligence-based red-teaming operation.

Why will this attack succeed and what does it mean for your organization?

By exploiting every circumstance favourable to the attack, we make sure the message lands in someone’s inbox and is read. Thanks to the social engineering aspect and refined personalization, it provokes an emotional response and creates a situation in which the recipient rushes to hand over their credentials.

If the campaign yields a complete set of valid credentials (for example because your company does not use passkeys, relies on a broken authentication server implementation like the one we disclosed in CVE-2025-26788, does not correctly enforce multi-factor authentication, exposes an excessive attack surface, or does not implement login geofencing), we proceed to use the access we have gained and establish how far it reaches.

This stage of the attack shows you whether the zero-trust model and the least-privilege principle are actually in place, and measures how well your blue team and security operations centre perform. It prepares you to identify and respond to successful attacks properly, and guides you toward minimizing both the attack surface and the impact on company operations.
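Login geofencing, mentioned above as one of the controls that stops stolen credentials from being usable, is cheap to implement as a detection in the SOC. The following is an added example, not the page’s or the company’s own tooling: it runs a country allow-list and an impossible-travel check over constructed authentication log lines. The log format, the GeoIP table (TEST-NET addresses resolved to assumed coordinates), the allowed-country set and the speed threshold are all assumptions for illustration; a real deployment would resolve source IPs through a GeoIP database.

```python
# Login geofencing and impossible-travel detection over authentication events.
# Added example, not the page's own tooling. The log format, GeoIP table,
# allowed-country set and speed threshold are assumptions for illustration.

from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Assumption: source IPs already resolved to (country, latitude, longitude).
# These are TEST-NET addresses with made-up coordinates for the example.
GEO = {
    "203.0.113.10": ("PL", 52.23, 21.01),   # Warsaw
    "198.51.100.7": ("PL", 50.06, 19.94),   # Krakow
    "192.0.2.55":   ("NG", 6.52, 3.38),     # Lagos
    "192.0.2.99":   ("US", 40.71, -74.01),  # New York
}

ALLOWED_COUNTRIES = {"PL"}   # assumption: where this workforce normally logs in from
MAX_SPEED_KMH = 900.0        # assumption: anything faster than an airliner is implausible

# Constructed sample log lines: "<ISO timestamp> <user> <source ip> <result>"
SAMPLE_LOG = """\
2025-03-01T08:00:00 alice 203.0.113.10 success
2025-03-01T08:45:00 alice 198.51.100.7 success
2025-03-01T09:10:00 alice 192.0.2.55 success
2025-03-01T09:30:00 bob 192.0.2.99 success
2025-03-01T09:40:00 carol 203.0.113.10 failure
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def detect(events):
    """Return (user, ip, reason) alerts for successful logins that fall outside
    the geofence or imply impossible travel since the user's previous login."""
    alerts = []
    last_seen = {}   # user -> (timestamp, latitude, longitude)
    for ts, user, ip, result in sorted(events):
        if result != "success":      # failed attempts are not location evidence
            continue
        country, lat, lon = GEO[ip]
        if country not in ALLOWED_COUNTRIES:
            alerts.append((user, ip, f"geofence: login from {country}"))
        prev = last_seen.get(user)
        if prev:
            prev_ts, prev_lat, prev_lon = prev
            hours = (ts - prev_ts).total_seconds() / 3600
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            if hours > 0 and km / hours > MAX_SPEED_KMH:
                alerts.append((user, ip, f"impossible travel: {km:.0f} km in {hours:.2f} h"))
        last_seen[user] = (ts, lat, lon)
    return alerts


if __name__ == "__main__":
    for user, ip, reason in detect(parse_log(SAMPLE_LOG)):
        print(f"ALERT {user} from {ip}: {reason}")
```

In the sample, alice’s Warsaw-to-Krakow hop 45 minutes apart is within the speed limit and stays quiet, while her next login from Lagos trips both the geofence and the impossible-travel rule; bob trips only the geofence. Wire the same two rules to the identity provider’s sign-in log and you have the measurement of “did anyone notice the stolen credentials being used” that the engagement is designed to test.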


Does this kind of attack happen in real life?

There are several publicly known real-life examples of successful spear-phishing campaigns against high-value companies with mature security solutions:

  • In 2014, Sony Pictures was targeted by a North Korean cyberwarfare operation carried out by a group known as Guardians of Peace, resulting in a massive data leak that included unreleased films and confidential emails,
  • In 2015, Ubiquiti Networks lost over $46 million to email fraud carried out by an “outside entity”,
  • Since 2024, the Russian-linked group Star Blizzard has run a spear-phishing campaign targeting the WhatsApp accounts of government-related victims, as identified by Microsoft Threat Intelligence.

We can help you stay off this list 🙂

DORA compliance 

Addressing targeted phishing supports DORA compliance by strengthening ICT risk management, incident response, and operational resilience.

Quote for your project 

Book a call or fill out our contact form to get a quote. Every organization is different – if necessary, we’ll get in touch with you to determine the specifics of your needs and the broader context of security testing.

Case study

How did we increase the security of online banking applications?

The client was one of the leading banks, with a website for individual and business customers. The tests covered the security of the transaction website, payment management services, financial exchange, and loan products.
