Spear Phishing
Also known as: Targeted phishing
Definition
A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.
Examples
- An email impersonating a CFO sent to a specific accounts-payable clerk requesting an urgent vendor payment change.
- A LinkedIn-themed message to a developer linking to a fake code-review site that delivers a backdoor.
Related terms
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Whaling
A spear-phishing attack aimed at senior executives or other high-value targets, typically seeking large fraudulent payments or access to strategic information.
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
CEO Fraud
A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
Pretexting
A social-engineering technique in which an attacker invents a believable scenario or identity to manipulate a target into disclosing information or performing an action.