Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1196

Spear Phishing

Reviewed by Cybersecurity entrepreneur & security researcher

What is Spear Phishing?

Spear Phishing: A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.


Spear phishing is a focused social-engineering attack in which the attacker researches a victim — their role, colleagues, vendors, projects, recent activity — and crafts a message that is highly relevant and persuasive. Unlike mass phishing, the volume is small and the pretext is precise, which dramatically increases success rates. Common goals include credential theft, fraudulent wire transfers, deployment of malware, and initial access for intrusions. Defences include strong email authentication (DMARC, SPF, DKIM), phishing-resistant MFA, out-of-band verification for sensitive requests, and targeted training for high-risk roles.

Examples

  1. An email impersonating a CFO sent to a specific accounts-payable clerk requesting an urgent vendor payment change.

  2. A LinkedIn-themed message to a developer linking to a fake code-review site that delivers a backdoor.
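
An added example, not part of the glossary entry: a minimal mail-triage check for the CFO-impersonation case above, combining the gateway's DMARC verdict with display-name and Reply-To checks to decide when a request needs out-of-band verification. The domains, authserv-id, protected-name list and keyword list are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for this sketch; none come from the glossary entry.
ORG_DOMAIN = "example.com"
TRUSTED_AUTHSERV = "mx.example.com"      # authserv-id stamped by our own gateway
PROTECTED_NAMES = {"dana whitfield"}     # executives likely to be impersonated
PAYMENT_TERMS = re.compile(r"\b(bank details|wire|payment|invoice|urgent)\b", re.I)

# Constructed sample message (not real traffic).
SPOOFED = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e-corp.test; dmarc=none header.from=examp1e-corp.test
From: "Dana Whitfield" <dana.whitfield@examp1e-corp.test>
Reply-To: dana.w@mailbox.test
To: ap-clerk@example.com
Subject: Urgent: vendor payment change

Please update the bank details for the vendor before today's run.
"""

def dmarc_result(msg):
    """Return the dmarc= verdict recorded by our own gateway, else 'missing'."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # stamped elsewhere; senders can forge this header
        match = re.search(r"\bdmarc=(\w+)", results, re.I)
        if match:
            return match.group(1).lower()
    return "missing"

def triage(raw):
    """List the reasons a message should get out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    reasons = []
    if dmarc_result(msg) != "pass":
        reasons.append("dmarc-not-pass")
    if name.lower() in PROTECTED_NAMES and from_domain != ORG_DOMAIN:
        reasons.append("display-name-impersonation")
    if reply_domain and reply_domain != from_domain:
        reasons.append("reply-to-mismatch")
    body = "" if msg.is_multipart() else msg.get_payload()
    if PAYMENT_TERMS.search(msg.get("Subject", "") + " " + body):
        reasons.append("payment-request-language")
    return reasons
```

A lookalike domain can publish its own records and pass DMARC, which is why the display-name and Reply-To checks run independently of the authentication verdict.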

Frequently asked questions

What is Spear Phishing?

A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance. It belongs to the Attacks & Threats category of cybersecurity.

What does Spear Phishing mean?

A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.

How do you defend against Spear Phishing?

Defences for Spear Phishing typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Spear Phishing?

Common alternative names include: Targeted phishing.
