Glossary

Spear Phishing

Regular phishing is like junk mail addressed to "Current Resident." Spear phishing is like a scam letter that uses your name, knows where you work, and mentions your recent projects. Because it's personalized, it's much more convincing - and much more dangerous.

What is Spear Phishing?

Spear phishing is a targeted form of phishing where attackers customize their messages for specific individuals or organizations. Unlike generic phishing that's sent to millions, spear phishing uses personal details gathered from social media, company websites, or previous breaches to make the attack more convincing.

Why Should You Care?

Spear phishing is a common entry point for targeted attacks on businesses. Attackers research their targets using LinkedIn, company websites, and social media to craft believable emails. Because the messages reference real people, projects, and relationships, even security-aware employees can be fooled. CEO fraud and business email compromise (BEC) are forms of spear phishing aimed at diverting payments or data.


Real-World Example

A CFO received an email that appeared to be from their CEO, who was traveling in Europe. It referenced a real acquisition they were working on and asked for an urgent wire transfer to close the deal. The CFO wired $4.2 million before discovering the CEO had never sent the email. Attackers had researched the company for weeks to craft the perfect message.

How to Protect Against Spear Phishing

  1. Train employees to verify urgent requests through a different channel, such as a phone call to a number already on file, never a number or link taken from the message itself.

  2. Establish code words for sensitive requests between executives.

  3. Be cautious about information shared on LinkedIn and social media; org charts, travel plans, and project names are exactly what attackers use to personalize a message.

  4. Enable email authentication (SPF, DKIM, and a DMARC policy of quarantine or reject) to stop spoofing of your exact domain. DMARC does not stop lookalike domains or mail sent from a compromised account, so it complements the human checks above rather than replacing them.

  5. Use targeted phishing simulations (for example, KnowBe4) to test susceptibility.

  6. Never trust wire instructions received by email alone; confirm any new or changed account details by voice with a known contact.
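The checks in the list above can be partly automated at the mail gateway. The following is an added example, not code from the original page: a small Python script that flags the usual spear-phishing and BEC indicators in a message, namely an executive's display name paired with an external address, a lookalike of the company domain, a Reply-To that diverts replies elsewhere, a DMARC result other than pass on mail claiming to be from the company's own domain, and urgent payment language in the body. The protected domain (example.com), the executive name list, and the three sample messages are constructed assumptions for illustration.

```python
"""Flag common spear-phishing / BEC indicators in an inbound message.

Added example, not from the original page. OUR_DOMAIN, EXECUTIVE_NAMES and
the sample messages are constructed assumptions; nothing here is real traffic.
"""
import email
from email import policy
from email.utils import parseaddr

OUR_DOMAIN = "example.com"        # assumption: the organisation's own domain
EXECUTIVE_NAMES = {"Jane Doe"}    # assumption: display names attackers imitate


def _domain(addr_header):
    """Return the lower-cased domain part of an address header, or ''."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def _edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _dmarc_result(msg):
    """Extract dmarc=<result> from Authentication-Results, or 'none' if absent."""
    for value in msg.get_all("Authentication-Results", []):
        for token in value.replace(";", " ").split():
            if token.startswith("dmarc="):
                return token[len("dmarc="):].lower()
    return "none"


def bec_indicators(raw):
    """Return a list of indicator strings for one RFC 5322 message (empty = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    indicators = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))

    # 1. Executive display name, but the address is outside our domain.
    if display_name in EXECUTIVE_NAMES and from_dom != OUR_DOMAIN:
        indicators.append(f"executive display name with external address {from_addr}")
    # 2. Lookalike of our domain (one or two character changes).
    if from_dom != OUR_DOMAIN and 0 < _edit_distance(from_dom, OUR_DOMAIN) <= 2:
        indicators.append(f"lookalike sender domain {from_dom}")
    # 3. Reply-To sends replies to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    # 4. Claims our own domain but the receiving MTA did not record dmarc=pass.
    if from_dom == OUR_DOMAIN and _dmarc_result(msg) != "pass":
        indicators.append("our own domain in From but DMARC did not pass")
    # 5. Urgency plus payment keywords, the classic wire-fraud pretext.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    if any(w in text for w in ("wire", "transfer", "payment")) and any(
        w in text for w in ("urgent", "immediately", "confidential")
    ):
        indicators.append("urgent payment language in body")
    return indicators


# Constructed sample messages (not real traffic).
SPOOFED_CEO = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@example-corp.net
To: cfo@example.com
Subject: Acquisition - need wire today
Authentication-Results: mx.example.com; dmarc=none header.from=examp1e.com
Content-Type: text/plain

Please process the wire transfer immediately and keep this confidential.
"""

EXACT_SPOOF = """\
From: Jane Doe <jane.doe@example.com>
To: cfo@example.com
Subject: Payment
Authentication-Results: mx.example.com; dmarc=fail header.from=example.com
Content-Type: text/plain

Urgent: release the payment to the new account today.
"""

LEGIT_INTERNAL = """\
From: Jane Doe <jane.doe@example.com>
To: cfo@example.com
Subject: Board slides
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
Content-Type: text/plain

Attached are the board slides for Thursday.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_CEO), ("exact", EXACT_SPOOF), ("legit", LEGIT_INTERNAL)):
        print(name, bec_indicators(raw))
```

The DMARC check (indicator 4) only works if the receiving mail server actually evaluates DMARC and stamps an Authentication-Results header; it says nothing about lookalike domains, which is why the edit-distance and Reply-To checks sit alongside it. None of these replaces out-of-band verification of a payment request; they are there to route suspicious mail for review.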
