Adversaries use internal spear phishing to gain additional information or to exploit users within the organization after gaining access to accounts or systems within the environment.
This attack can only be played if a Malware card is affecting your opponent or if your opponent has a Personnel card in play. If both requirements are met, remove 3 points this round. Otherwise, remove 2 points. Discard this card after 2 rounds.