
© 2026 DFIR Lab. All rights reserved.


Spear Phishing

A targeted phishing attack directed at specific individuals or organizations, using personalized information to increase credibility and bypass skepticism.

Definition

Spear phishing is a highly targeted form of phishing in which attackers craft messages tailored to a specific individual or organization. Unlike bulk phishing, spear phishing leverages personal details — job title, colleagues' names, recent transactions, or internal terminology — to make the message appear legitimate. These details are typically gathered through open-source intelligence (OSINT), social media reconnaissance, or prior data breaches.

Why It Matters

Spear phishing is responsible for the majority of advanced persistent threat (APT) intrusions and business email compromise (BEC) incidents. Because the messages are personalized, they defeat generic security awareness training and are significantly more likely to deceive even security-conscious recipients. A single successful spear phishing email can be the initial access vector for ransomware deployment, intellectual property theft, or financial fraud.

How It Works

Attackers begin with a reconnaissance phase, collecting information about the target from LinkedIn, company websites, public filings, and leaked datasets. They then craft an email that mimics a trusted sender — a colleague, vendor, or executive — and include a plausible pretext such as an invoice approval, shared document, or urgent IT request. The payload is typically a malicious link, a credential harvesting page, or a weaponized attachment. Techniques include display name spoofing, lookalike domains, Reply-To mismatches, and homoglyph characters to defeat visual inspection.
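From the defender's side, each of the four techniques named above leaves a trace in the raw headers. The following is an added example, not DFIR Lab's code: the trusted-domain list, the 0.85 similarity threshold, the finding names and the sample headers are all assumptions constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example.com"}  # assumption: domains this organisation trusts

# Constructed sample headers (not real mail).
SPOOFED = (
    'From: "accounts@example.com" <accounts@examp1e.com>\n'
    "Reply-To: payments@mailbox.invalid\n"
    "Subject: Invoice approval\n\n"
)
# \u0430 is CYRILLIC SMALL LETTER A, visually identical to Latin "a".
HOMOGLYPH = "From: Jane Doe <jane@ex\u0430mple.com>\nSubject: Shared document\n\n"
CLEAN = "From: Jane Doe <jane@example.com>\nReply-To: jane@example.com\n\n"

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def analyze(raw):
    """Return the set of spear phishing indicators found in raw headers."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain(addr)
    findings = set()
    # Display name spoofing: the name shows an address in another domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if shown and shown.group(1).lower() != from_dom:
        findings.add("display_name_spoof")
    # Reply-To mismatch: replies would leave the sender's domain.
    reply_dom = domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.add("reply_to_mismatch")
    # Homoglyphs: non-ASCII characters or punycode labels in the domain.
    punycode = any(label.startswith("xn--") for label in from_dom.split("."))
    if punycode or not from_dom.isascii():
        findings.add("homoglyph_domain")
    # Lookalike: close to, but not equal to, a trusted domain.
    elif from_dom not in TRUSTED and any(
        difflib.SequenceMatcher(None, from_dom, t).ratio() >= 0.85 for t in TRUSTED
    ):
        findings.add("lookalike_domain")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("homoglyph", HOMOGLYPH), ("clean", CLEAN)):
        print(label, sorted(analyze(raw)))
```

These header checks are heuristics for triage; a mismatch is a reason to inspect the message further, not proof of phishing on its own.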

DFIR Platform

Phishing Email Checker

The DFIR Lab Phishing Email Checker analyzes spear phishing indicators directly from raw email headers and body content. It detects display name spoofing, Reply-To mismatches, homoglyph domains, and social engineering patterns embedded in the message.


Related Concepts

Phishing Analysis, Business Email Compromise (BEC), Email Spoofing, Social Engineering
