Everything You Need to Know About Spear Phishing

Everything You Need to Know About Spear Phishing

Spear phishing is a targeted type of phishing in which the scammer already knows some information about the victim.

In a phishing scheme, a victim is tricked into divulging information that can be used in a scam. Spear phishing is a targeted type of phishing in which the scammer already knows some information about the victim. 95% of enterprise network attacks involve a successful spear phishing attempt, and it’s a problem for individuals too.

So what’s the solution? Unfortunately, phishing attacks aren’t likely to go away anytime soon, and will continue to become more sophisticated. As such, the best line of defense is to know what to look out for and have your wits about you.

In this post, we’ll explain spear phishing with some examples, and show what you can do to prevent a successful attack.

What Spear Phishing Is

Spear phishing scams come in many flavors including brandjacking, in which scammers pose as businesses to dupe customers, and whaling, which targets company executives. They all have one thing in common: Unlike a run-of-the-mill phishing attempt, a spear phishing attack is targeted, and the scammer is armed with some knowledge about the victim.

This knowledge could be learned by various means such as a previous phishing attempt, a data breach, or social media. The lattermost can provide a ton of information, such as where one travels, eats, shops, banks, and more. The fraudster uses whatever information they have to earn the victim’s trust and obtain more information.

Spear phishing attempts often take place through email, but this isn’t always the case. Voice phishing (vishing) and SMS phishing (smishing) can also form part of a targeted attack.

To get a better idea of the types of spear phishing attacks making the rounds, we’ll look at a few examples:

  • Ubiquiti Networks Inc: A 2015 case saw this company swindled out of over $40 million in a case of CEO fraud. Employees thought senior executives were directing them to transfer funds from a Hong Kong subsidiary, but emails were actually fraudulent and funds were sent to the scammers.
  • Electronic Frontier Foundation (EFF): Another 2015 case involved a fake EFF website. Although it’s unclear who the targets were, the perpetrators capitalized on the trust placed in the EFF and duped victims into downloading keyloggers and other types of malware.
  • PayPal: PayPal users are popular targets of phishing attacks, with some being hit with more targeted emails that actually address them by name.

These are just a few of the large-scale scams that have been uncovered, but many smaller-scale schemes are in place at any given time, such as the impressive but fake Apple email below.

Bear in mind that messages might not always impersonate a company, and many spear phishing attempts can appear to come from individuals. For example, scam artists can easily pose as a friend or family member, or someone from the same local area or religious group.

How You Can Avoid Spear Phishing Scams

There really is no way to prevent perpetrators from attempting phishing scams, but businesses and consumers can defend against them. Here are the steps you can take:

  • Educate yourself: Alarmingly, 41% of people can’t identify a phishing email and 30 percent of all phishing emails in the US are actually opened. As an individual, you can educate yourself about what to look out for, and if you run a business, it’s a good idea to train employees in security awareness.
  • Use common sense: Look out for indicators that an email is fake, such as a misspelled company name or link text that doesn't match the link URL. Avoid clicking links and attachments in emails, and if you do land on a website, check for HTTPS in your browser’s address bar. Things like lack of an about page, outdated copyrights, or no contact information can be giveaways.
  • Don’t send personal information: This should fall under common sense, but it’s worth the extra emphasis. Businesses will rarely ask you to provide personal information over email, phone, or text message. Verify such requests using contact information from the actual company website.
  • Employ the use of tools: For businesses, tools like PhishDefender and Cofense can help prevent against successful phishing attempts. For individuals, spam filters can weed out many phishing emails. Additionally, password managers can detect phishing sites, as they’ll only autofill forms on known sites.
Spear phishing attacks are becoming more sophisticated, and it would be impossible to defend against every one. However, with a little education and a lot of common sense, you can help prevent

Featured

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.