Spear phishing is a form of phishing that makes use of information about a target to make attacks more specific and “personal”. These attacks may, for example, refer to their targets by their specific name, rank, or position at the organisation instead of using generic titles common in broader (consumer focused) phishing campaigns.

The most commonly used and shared file types accounted for 70 per cent of the total number of spear phishing email attachments during the period of Trend’s study, between February and September this year.

The main file types were: .RTF (38 per cent), .XLS (15 per cent) and .ZIP (13 per cent).

Executable (.EXE) files were not as popular among cybercriminals, most likely because emails with .EXE file attachments are usually detected and blocked by security products at the edge of corporate networks, long before they reach the in-box of prospective marks.

Source: The Register