Spear Phishing
Spear phishing is a highly targeted form of phishing where attackers tailor messages to specific individuals or organizations. Unlike generic phishing, spear phishing leverages detailed knowledge of the victim to make messages more convincing and harder to detect.
Table of Contents
- What is spear phishing?
- How it typically works
- Common techniques and variants
- Impact
- Further reading
What is spear phishing?
Spear phishing attacks are personalized to maximize trust. Attackers may reference recent projects, professional relationships, or personal details gathered from social media. This precision makes the victim more likely to believe the message is legitimate and act upon it.
How it typically works
- Research: attackers collect information from open sources, corporate websites, or prior breaches.
- Message creation: they craft a message that looks authentic and relevant to the target.
- Delivery: the email or message is sent, often impersonating a colleague, executive, or business partner.
- Exploitation: the victim is persuaded to share credentials, transfer funds, or download malicious files.
Common techniques and variants
- Business Email Compromise (BEC): impersonating executives to request money transfers or sensitive information
- Whaling: spear phishing that specifically targets C-level executives and senior managers
- Fake invoices and supplier fraud: exploiting trusted business relationships
- Targeted credential harvesting: directing victims to lookalike login portals
Impact
Spear phishing often leads to high-value compromises, including wire transfer fraud, theft of intellectual property, and unauthorized access to sensitive corporate resources. Because messages are well-researched and credible, traditional spam filters and security tools may not detect them. For SecOps teams, spear phishing is especially concerning because one successful message can bypass technical defenses and cause significant damage.
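Because the messages themselves read as legitimate, detection usually has to lean on envelope and link signals rather than content. The triage routine below is an added illustration, not part of the original page: it flags three spear-phishing signals described above (an executive's display name on a foreign mailbox, a lookalike sender or link domain, and a diverted Reply-To). The executive directory, trusted domain and sample messages are constructed for the example.

```python
"""Heuristic triage of inbound mail for spear-phishing signals (constructed example)."""
import difflib
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example-corp.com"}  # assumed: the organisation's own mail domain
EXECUTIVES = {"dana kim": "dana.kim@example-corp.com"}  # assumed: display name -> real mailbox

# Single-character substitutions commonly seen in lookalike domains (0->o, 1->l, ...).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host):
    """Crude registrable-domain extraction; assumes single-label TLDs (not co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def normalize(domain):
    """Fold visually confusable spellings so 'examp1e' and 'exarnple' match 'example'."""
    return domain.lower().replace("rn", "m").translate(CONFUSABLES)


def is_lookalike(domain):
    """True if domain is not trusted but closely resembles a trusted domain."""
    if domain in TRUSTED_DOMAINS:
        return False
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == normalize(trusted):
            return True
        if difflib.SequenceMatcher(None, domain, trusted).ratio() >= 0.9:
            return True
    return False


def triage(msg):
    """Return the spear-phishing signals found in one message.

    msg: dict with 'from' and optional 'reply_to' (RFC 5322 address strings)
    and an optional 'urls' list of links extracted from the body.
    """
    name, addr = parseaddr(msg["from"])
    domain = registrable(addr.rsplit("@", 1)[-1])
    signals = []
    # BEC / whaling: an executive's name on a mailbox that is not theirs.
    exec_addr = EXECUTIVES.get(name.strip().lower())
    if exec_addr and addr.lower() != exec_addr:
        signals.append("display-name impersonation")
    if is_lookalike(domain):
        signals.append("lookalike sender domain")
    # Replies silently diverted to a mailbox outside the sender's domain.
    _, reply = parseaddr(msg.get("reply_to") or "")
    if reply and registrable(reply.rsplit("@", 1)[-1]) != domain:
        signals.append("reply-to domain mismatch")
    # Credential harvesting: links pointing at a lookalike login portal.
    for url in msg.get("urls", []):
        host = registrable(url.split("//", 1)[-1].split("/", 1)[0])
        if is_lookalike(host):
            signals.append(f"lookalike link host {host}")
    return signals
```

Signals like these are best used to route mail for review or to add a banner rather than to block outright, since a single heuristic produces false positives on legitimate partner domains.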
Further reading
- FBI: Business Email Compromise
- CISA: Avoiding Social Engineering and Phishing Attacks
- NCSC UK: Spear phishing guidance