Spear Phishing

Whereas most phishing campaigns send out mass emails to as many people as possible, spear phishing is more targeted. In spear phishing, the attacker has already done pre-attack reconnaissance to uncover as much possible about the target. This information could include names, email address, occupation and much more.

Once a cybercriminal has they enough information, they will then strike by crafting a believable email that gives the target little reason to suspect that it is anything less than a legitimate email. The reason why spear phishing is so successful is because of the customized nature of the emails.

Spear phishing is a major threat to enterprises because of how costly it can be. According to a report by Trend Micro, spear phishing emails can account for 91% of data breaches.

The Differences Between Phishing and Spear Phishing


Spear Phishing

Phishing attacks are automated and aimed at a wide audience.

Spear phishing attacks are highly personalized and targeted.

You don’t need a lot of skills to trigger a massive phishing campaign.

You need a certain level of technique to spear phish someone.

These phishers usually look for credit card information, usernames and passwords.

These phishers go after more valuable data such as business secrets, financial information and many more.

Phishing does not require a lot research prior to deployment.

Spear phishing requires a great deal of research prior to deployment.

How to Protect Against Spear Phishing?

Here are some best practices to protect yourself and your organizations from becoming victims of spear phishing: