Spear Phishing

Security+ 🏆 • Social Engineering 👥 • Threats ⚠️ Difficulty: free

Definition

Spear phishing is a targeted form of phishing where an attacker crafts messages for a specific person or team to increase trust and success. Instead of sending the same generic lure to thousands of people, spear phishing uses personal or organizational details to make the request feel legitimate and to trick the target into clicking a link, opening an attachment, or sharing sensitive information.

Examples

  • An attacker emails a finance employee using the name of a real supplier and asks them to review an “updated invoice” attachment.
  • A message appears to come from a manager and asks an employee to sign in to a fake portal to review an urgent document.

Discover 🔎

Phishing is common because it works, but spear phishing works even better because it feels personal. Attackers research their target and then send a message that fits the target's role, relationships, and normal workflow. When a message looks like it belongs in your day, you are more likely to act quickly without checking it, and that is exactly what the attacker wants.

Remember: Spear phishing is phishing with research. The message is tailored to the person, not the crowd.