With typical phishing, criminals hope to send their messages to so many people that they will stumble across enough victims to make their efforts profitable. Today, businesses and government organizations have gained enough experience to guard themselves pretty well against these unsophisticated attempts to steal credentials and other personal information.
In response, savvy criminals learned they can easily gather public information about an organization or even a team within an organization.
As an example, it’s fairly easy to find an account manager’s name and email address through such social networks as LinkedIn. Press releases may contain details about upcoming business deals, customers, and even urgent issues. Using this information, a savvy digital thief can craft a much more convincing message that might entice more sophisticated computer users to click through a fake link and supply information.