Spear Phishing

Identify the strategic objective of the attacker.

Who is it for?

CISOs, SOC Managers.

What is the problem?

Spear phishing is a targeted attack that, unlike general phishing attacks, does not rely on an easily detected spam campaign. Instead, the victims are carefully selected.

In 2019, the Verizon Data Breach Investigations Report listed phishing as the leading cause of data breaches in that year.

It is clear from the data that no matter what security may be in place, there is always the possibility that someone, somewhere in your organization will click on a link that will result in your corporate network being compromised.

The goal of the Spear Phishing deception campaign is to deflect the spear phishing attack into a buffer zone to collect actionable and real-time threat intelligence about the attacker.

The deception director deploys the assets associated with the Spear Phishing campaign. These include web-based email service accounts and web-based supporting infrastructure, for example servers. This is your deceptive buffer zone to fool the spear phishers.

Your SOC takes known spear phishing emails that are attempting account compromise, and then adds the credentials for the web-based email service accounts deployed above to the spear phishers' infrastructure.

CounterCraft will detect when the threat actors are interacting with the deception buffer zone and you will be alerted immediately.

The platform continues to collect intel in real-time on how the threat actors use the compromised account, and where they pivot to from the account.

[Figure: Spear Phishing Graph]

Cyber Deception helps clients to collect intel from the spear phishing attack and proactively protect their organizations from the current and future attacks.

Enriched threat intel data

Enriched threat intel data in the form of TTPs (MITRE ATT&CK) and IoCs, including IP addresses and credentials used by threat actors. The threat intel data can be sent to external security tools such as MISP, a SIEM or a SOAR platform.

Simplify communication with the board and key management about the strategic merit of threat intelligence: use hard evidence and organization-specific intel to back up your messaging.


Obtain actionable threat intelligence that is specific to your organization and that enhances the corporate security strategy.

Reassess your current security control sets

Reassess your current security control sets based on objective evidence of adversaries circumventing current security controls.


Industry: Insurance

Role: Incident Response team

What was your goal?

Our goal was to mitigate the risk of a spear phishing attack being successful, ensuring that we had the security controls in place to stop the attackers.

Why did you choose deception?

Deception allows us to see in real time what an attacker would do when they execute a spear phishing attack. Also, this happens in a different environment from our infrastructure that the attacker believes is real. So for us it gives intelligence and doesn't involve any risks.

What results did you achieve?

Once the spear phishing email was reported, we used it to trigger it in our deception environment. We successfully gathered in real time the TTPs the attacker would have used against us. This allowed us to make informed modifications to our security policy and reconfigure other security systems.

Speak to an expert to leverage cyber deception to mitigate the success of Spear Phishing attacks.
