Spear phishing

1. A targeted attack by hackers, using bogus emails, that attempts to get the victim to provide login information or personal information to the hackers. Spear phishing attempts may appear to originate from legitimate, known sources, such as organizational IT or known vendors. Election officials should not click through on suspicious links or open attachments without first verifying that the email is legitimate.

Source: Election Terminology Glossary - Draft, National Institute of Standards and Technology (NIST), https://pages.nist.gov/ElectionGlossary/; The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf; Information Technology Terminology, U.S. Election Assistance Commission, https://www.eac.gov/documents/2017/09/21/information-technology-terminology-security

2. A colloquial term that can be used to describe any highly targeted phishing attack.

Source: The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf

3. Sending emails from an ostensibly trusted source to solicit confidential information

Source: An Investigation into Foreign Entities Who Are Targeting Servicemembers and Veterans Online, Vietnam Veterans of America https://vva.org/wp-content/uploads/2019/09/VVA-Investigation.pdf