What is spear phishing's most characteristic method?

Spear phishing primarily focuses on the customization of attacks to target specific individuals rather than employing broad, indiscriminate tactics. This method often entails gathering detailed information about the targeted person, which can include their interests, professional background, and personal connections. By leveraging this specific knowledge, attackers can craft highly personalized messages that appear legitimate and relevant to the victim, significantly increasing the likelihood of engagement and success.

This tailored approach contrasts sharply with methods like mass emailing campaigns, which are generic and sent to many recipients without regard to individual characteristics. Additionally, while utilizing social media for information can be a component of the overall strategy, it is the customization of the attack that defines spear phishing. Exploiting technical vulnerabilities is also a strategy but does not capture the essence of spear phishing, which is fundamentally about social engineering and deception through personalized communication.