Everything You Need to Know About Spear Phishing

Everything You Need to Know About Spear Phishing

Spear phishing is a targeted type of phishing in which the scammer already knows some information about the victim.

  • Jul 24, 2018

In a phishing scheme, a victim is tricked into divulging information that can be used in a scam. Spear phishing is a targeted type of phishing in which the scammer already knows some information about the victim. 95% of enterprise network attacks involve a successful spear phishing attempt, and it’s a problem for individuals too.

So what’s the solution? Unfortunately, phishing attacks aren’t likely to go away anytime soon, and will continue to become more sophisticated. As such, the best line of defense is to know what to look out for and have your wits about you.

In this post, we’ll explain spear phishing with some examples, and show what you can do to prevent a successful attack.

What Spear Phishing Is

Spear phishing scams come in many flavors including brandjacking, in which scammers pose as businesses to dupe customers, and whaling, which targets company executives. They all have one thing in common: Unlike a run-of-the-mill phishing attempt, a spear phishing attack is targeted, and the scammer is armed with some knowledge about the victim.

This knowledge could be learned by various means such as a previous phishing attempt, a data breach, or social media. The lattermost can provide a ton of information, such as where one travels, eats, shops, banks, and more. The fraudster uses whatever information they have to earn the victim’s trust and obtain more information.

Spear phishing attempts often take place through email, but this isn’t always the case. Voice phishing (vishing) and SMS phishing (smishing) can also form part of a targeted attack.

To get a better idea of the types of spear phishing attacks making the rounds, we’ll look at a few examples:

  • Ubiquiti Networks Inc: A 2015 case saw this company swindled out of over $40 million in a case of CEO fraud. Employees thought senior executives were directing them to transfer funds from a Hong Kong subsidiary, but emails were actually fraudulent and funds were sent to the scammers.
  • Electronic Frontier Foundation (EFF): Another 2015 case involved a fake EFF website. Although it’s unclear who the targets were, the perpetrators capitalized on the trust placed in the EFF and duped victims into downloading keyloggers and other types of malware.
  • PayPal: PayPal users are popular targets of phishing attacks, with some being hit with more targeted emails that actually address them by name.

These are just a few of the large-scale scams that have been uncovered, but many smaller-scale schemes are in place at any given time, such as the impressive but fake Apple email below.

Bear in mind that messages might not always impersonate a company, and many spear phishing attempts can appear to come from individuals. For example, scam artists can easily pose as a friend or family member, or someone from the same local area or religious group.

How You Can Avoid Spear Phishing Scams

There really is no way to prevent perpetrators from attempting phishing scams, but businesses and consumers can defend against them. Here are the steps you can take:

  • Educate yourself: Alarmingly, 41% of people can’t identify a phishing email and 30 percent of all phishing emails in the US are actually opened. As an individual, you can educate yourself about what to look out for, and if you run a business, it’s a good idea to train employees in security awareness.
  • Use common sense: Look out for indicators that an email is fake, such as a misspelled company name or link text that doesn't match the link URL. Avoid clicking links and attachments in emails, and if you do land on a website, check for HTTPS in your browser’s address bar. Things like lack of an about page, outdated copyrights, or no contact information can be giveaways.
  • Don’t send personal information: This should fall under common sense, but it’s worth the extra emphasis. Businesses will rarely ask you to provide personal information over email, phone, or text message. Verify such requests using contact information from the actual company website.
  • Employ the use of tools: For businesses, tools like PhishDefender and Cofense can help prevent against successful phishing attempts. For individuals, spam filters can weed out many phishing emails. Additionally, password managers can detect phishing sites, as they’ll only autofill forms on known sites.
Spear phishing attacks are becoming more sophisticated, and it would be impossible to defend against every one. However, with a little education and a lot of common sense, you can help prevent

Featured

  • Security Industry Association Announces the 2026 Security Megatrends

    The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.