<![CDATA[Data security is important to protect personal and sensitive information. Data leakage cases that have occurred in Indonesia have recorded that 80% of Indonesian citizens' data is sold on dark forums (dark web), this will certainly cause losses to individuals and organizations. Factors that cause data leaks can be the lack of security protocols, direct attacks, or phishing attacks. One type of phishing attack that targets more specific individuals is called a spear phishing attack. This research aims to identify potential data leakage from public data in public institutions by formulating an attack tree based on the Data Flow Diagram (DFD) of a spear phishing attack using data granularity metrics with a combination of attacks from Open Source Intelligence (OSINT) tools, social engineering tools, and email spoofing. This research generates and compares four attack tree models with no attack launching or exploitation. First OSINT TheHarvester, social engineering SEToolkit, and email spoofing. Second OSINT Metagoofil, social engineering ZPhisher, and email spoofing. Third OSINT Recon-ng, social engineering SEToolkit, and email spoofing. The fourth OSINT Snov.io, social engineering ZPhisher, and email spoofing. Spear phishing attack using OSINT Snov.io is the best attack combination because it has varied data details, namely getting five types of data and a high level of data granularity with a total of 367 data so that there are more opportunities to carry out attack planning and security analysis.]]>
