Spear phishing is an e-mail spoofing attack that targets a specific organization, seeking unauthorized access to confidential data. Spear-phishing attempts are not typically launched by random attackers; they are more likely carried out by an attacker with specific goals against your company, such as financial gain or the theft of trade secrets.
As with the messages used in ordinary phishing campaigns, spear-phishing messages appear to come from a trusted source. Ordinary phishing messages usually purport to come from a large, well-known company or website with a broad user base. In spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company, and generally someone in a position of authority.
The following example, which I received, went straight into my inbox rather than my spam folder, because the mail filters treated it as a genuine message from a trusted source.
Requested Reply (Attacker!): firstname.lastname@example.org
After performing some reconnaissance on this e-mail domain and the sender name, I found that this person actually does exist and that @ahpra.gov.au belongs to the Australian Health Practitioner Regulation Agency, where this trusted sender currently works.
The main aim of this post is awareness: even though the sender appears to be trusted, why would they ask you to reply to a different e-mail address, one that is not under @ahpra.gov.au but is a Hotmail account, which anyone can set up? The mismatch between the sender's domain and the requested reply address is the tell. Before replying, check that the reply address belongs to the same organization as the apparent sender, and treat a free webmail address as a red flag.
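The check described above can be automated. The script below is an added example, not code from the original post: it parses a raw message with Python's standard `email` library, compares the domain of the `From` address with the domain of the `Reply-To` address, and flags a reply address that points outside the sender's organization or at a free webmail provider. The two sample messages, the sender name and addresses in them, and the list of free webmail domains are constructed placeholders, not the headers from the message the author received.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Illustrative list of free webmail providers (assumption; extend for your environment).
FREE_WEBMAIL_DOMAINS = {"hotmail.com", "outlook.com", "live.com", "gmail.com", "yahoo.com"}

# Constructed sample messages. Names and addresses are placeholders, not the ones from the post.
SPEAR_PHISH = b"""From: "A. Practitioner" <a.practitioner@ahpra.gov.au>
Reply-To: "A. Practitioner" <a.practitioner.ahpra@hotmail.com>
To: target@example.com
Subject: Urgent: records required today
Date: Mon, 01 Jan 2024 09:00:00 +1000

Please reply to this message with the requested records.
"""

BENIGN = b"""From: "A. Practitioner" <a.practitioner@ahpra.gov.au>
Reply-To: records@mail.ahpra.gov.au
To: target@example.com
Subject: Records request
Date: Mon, 01 Jan 2024 09:00:00 +1000

Please reply with the requested records.
"""


def domain_of(address_header):
    """Return the lowercased domain of the first address in a header, or '' if there is none."""
    _, addr = parseaddr(str(address_header or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def same_organisation(reply_domain, from_domain):
    """Treat the reply domain as the sender's organisation if it equals the From domain or is a
    subdomain of it. A production check should compare registrable domains using the public
    suffix list; this plain string test is a deliberate simplification."""
    return reply_domain == from_domain or reply_domain.endswith("." + from_domain)


def assess_reply_to(raw_message):
    """Parse one RFC 5322 message and flag a Reply-To header that redirects replies away from
    the apparent sender's organisation. Returns the extracted domains and a list of findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    findings = []
    # A Reply-To outside the sender's organisation is the tell described in the post.
    if reply_domain and not same_organisation(reply_domain, from_domain):
        findings.append("reply_to_domain_mismatch")
    # Anyone can register a free webmail address, so it deserves its own flag.
    if reply_domain in FREE_WEBMAIL_DOMAINS:
        findings.append("reply_to_free_webmail")
    return {
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for label, raw in (("spear-phish sample", SPEAR_PHISH), ("benign sample", BENIGN)):
        result = assess_reply_to(raw)
        print(f"{label}: suspicious={result['suspicious']} findings={result['findings']}")
```

Note that this only inspects the `Reply-To` header. The message in the post asked for a reply to a different address in the body text, which a header check alone will not catch, so the same domain comparison should also be applied to any address the body asks you to write to.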