What is Spear Phishing?


Phishing attempts directed at specific individuals or companies have been termed spear phishing. These are highly targeted attacks. This technique is by far the most successful on the Internet today. Attackers gather personal information about their target to increase their probability of success in the phishing attack.


We have covered phishing attacks before, which are usually mass attempts of communication sent out to groups in the hopes that someone from that group will bite and release information hackers are looking for. In spear phishing, the attacks are far more targeted, and in the end could end up being extremely impactful.


The attackers in spear phishing attacks often disguise themselves as a trustworthy entity and make contact with their target via email, social media, phone calls (often called “vishing” for voice-phishing), and even text messages (often called “smishing” for SMS-phishing).


Usually the attacker has completed vast research on their target. They may have scrolled through the target’s social media to see where they live, who they are friends with, and what they typically buy. This makes the fraud even harder to detect for the victim. Once the hacker has completed all of their research, they pose as a reliable source and go after their victim. With enough sensitive information, hackers can open bank accounts or pose as the victim to open new, fraudulent accounts in the victim’s name.


How can you prevent spear phishing?


As with all phishing attacks, proactive measures must be taken in order to prevent being a victim.


  • Take a look at your social media and online profiles. What personal information have you posted? Make sure you are only sharing what you would want a potential scammer to see. If there is any information you don’t want a scammer to see, it shouldn’t be online.


  • Use password best practices when setting your passwords. Don’t use the same password across multiple accounts. Most importantly, never share your password with anyone.


  • Do not click links in emails. Even if it looks legitimate. Go directly to your browser and visit that business. Just don’t click links in emails, promise?


Spear phishing can happen to anyone. Arming yourself with knowledge is the first step in preventing this from happening. If you want to learn more about measures you can take to prevent you or your business from spear phishing, contact us today.