Spear Phishing is a targeted attack using emails that look like they're from someone in your company or a commonly used business.
So instead of an email from a random bank about your nonexistent account, hackers send an email that looks like it's from the HR office in your firm or a service like Groupon or Travelocity.
If you click the link in the email, it takes you to a fake page, and hackers are able to attach malware to your browser, said Anirban Banerjee, co-founder of StopTheHacker. "They'll verify your email address and check your browser history," he said.
If you logged into your online bank account just prior to the attack, for example, cybercriminals might send a fraudulent email saying you need to change your password for security reasons. "Now they've just captured your banking information," said Banerjee.
Additionally, hackers can use your online activity to determine which social networks you use and where you shop most frequently, and then send more phishing emails that look like they've originated from those sites.