Sometimes hackers will target employees very specifically to steal funds or information or inject malware. Hackers may find information about the organization you work for, your role and personal interests on social media type sites. They can then use this information to craft an email that uses one or more pieces of your personal information to greater effect.
An example of this might be if you’re interested in golf, an email to you directly with free golf lessons from a pro might persuade you to click on a link to find out more.
Another example known as CEO fraud, targets employees with a ruse of asking them to do something urgently like approve a funds transfer. The email looks to be from the CEO of the company which lends false authority to the request.
Of particular value to spear phishers are employees with financial or CxO roles who are more likely to have access to sensitive information or the ability to transfer funds more easily in organizations.
AI is expected to accelerate these types of attacks in the next few years under the umbrella of AI-BEC (Business Email Compromise) making it even more of a headache for security teams.