Ordinary phishing is sent to millions of people in the hope that a few will click. It is written in bulk and reads like it. Most who pay attention catch it.
Targeted phishing is different. It is sent to one person. The attacker has spent time learning who you are, who you talk to, what you do, what you are currently working on. The email mentions a real project, names a real person, refers to a real meeting. The link in it looks like a link you would expect at that moment.
A serious target is worth the preparation. The attacker spends days or weeks watching, building a picture of your routine, identifying the kind of message you would not question. When the message arrives, it does not look wrong. The clue, if there is one, is small: a slightly off email address, a sender who sounds like someone you know but uses words they would not use.
The defence is partly awareness and partly arrangement. Awareness means treating every link and every attachment with the assumption that it might be the one. Arrangement means having a way to confirm anything important through a separate channel: a phone call to a known number, a message on a different app, a face-to-face check. Any message that asks you to act fast deserves, for that reason alone, a slower second look.
The desk reads the picture of you that a determined attacker would build, identifies the routes through which a convincing approach could be made, and considers what reduction is feasible.