11. Social Engineering, Spear Phishing, and Trojans

Not all attacks begin with a technical flaw.
Many begin with human manipulation.

11.1 Phishing

Phishing tries to get users to reveal credentials or other sensitive information by impersonating trusted entities.

11.2 Spear Phishing

Spear phishing is targeted phishing aimed at specific individuals or roles.

Why it is effective

The attacker researches the victim and crafts:

  • believable context,
  • persuasive urgency,
  • realistic sender identity,
  • and tailored lures.

Typical goals

  • get the victim to click a link,
  • open an attachment,
  • submit credentials,
  • or install a trojan.

11.3 Trojans

A trojan is malware disguised as something benign or useful.

Unlike worms, trojans often depend on user action for initial execution.

11.4 Browser and Document Exploitation

A spear-phishing email may direct a target to:

  • a fake login page,
  • a malicious attachment,
  • or a browser exploit.

This turns human trust into technical compromise.

11.5 Cyber Espionage

When attackers aim to remain stealthy, persistent, and information-focused rather than immediately disruptive, the campaign becomes one of cyber espionage.

Typical features:

  • carefully selected victims,
  • long dwell times,
  • credential theft,
  • trojans or remote access tools,
  • staged exfiltration,
  • and operational discipline.

11.6 Broader Social Engineering Themes

The tutorial perspective should emphasize that:

  • secure systems still fail if users are deceived,
  • authentication is only as strong as the surrounding workflow,

  • and email remains one of the highest-value attack channels.

Page Navigation

← Bots, Botnets, and DDoS Mobile Device Security Vulnerabilities →

Back to top

Educational material for undergraduate network security students.

This site uses Just the Docs, a documentation theme for Jekyll.