
Spear Phishing Attacks

Critical Threat Level

Highly targeted, personalized phishing attacks aimed at specific individuals using researched information

65%
Of targeted cyberattacks use spear phishing
53%
Success rate for spear phishing vs 3% for mass phishing
82%
Of breaches involve a human element (social engineering, error, misuse or stolen credentials; spear phishing is one part of this, not all of it)

What is Spear Phishing?

Unlike mass phishing campaigns sent to thousands, spear phishing is a targeted attack against specific individuals. Attackers research their targets using LinkedIn, social media, company websites, and other public sources to craft highly personalized, convincing emails.

Spear phishing emails reference real projects, colleagues, vendors, or business relationships, making them far more believable than generic phishing. The goal may be credentials, financial fraud, malware delivery, or initial access to corporate networks.

Why It's Effective:

  • Uses your name, job title, projects, and professional relationships
  • Appears to come from colleagues, partners, or industry contacts
  • References specific, verifiable details to build trust
  • Bypasses generic phishing awareness training
  • Often targets specific individuals with access to valuable data

How Spear Phishing Attacks Work

Phase 1: Target Selection & Research

Attackers identify high-value targets and gather intelligence:

  • LinkedIn: Job title, responsibilities, connections, recent posts
  • Social media: Personal interests, travel schedules, family information
  • Company website: Projects, press releases, organizational structure
  • Conferences/events: Speaking engagements, attendance
  • Data breaches: Email addresses, passwords, personal details

Phase 2: Attack Preparation

Create personalized attack using researched information:

  • Craft email referencing real projects, people, or events
  • Register lookalike domains or compromise legitimate accounts
  • Create fake personas (colleague, vendor, partner)
  • Prepare credential harvesting site or malware payload

Phase 3: Attack Delivery

Send highly personalized email at optimal time:

  • Reference specific projects or ongoing work
  • Impersonate trusted colleague or business partner
  • Create plausible urgency without obvious red flags
  • Send when the target is likely busy or distracted (end of day, while travelling)

Real-World Example

Target: CFO of manufacturing company

From: John Smith <jsmith@trustedauditingfirm-corp.com>

Subject: Re: Q4 2024 Audit - Additional Documentation Needed

"Hi Sarah,

Following up on our call last week about the Q4 audit timeline. We need copies of the Phoenix facility acquisition documents to complete Section 12 of the report before the board meeting on the 18th.

Can you upload them to our secure portal? [MALICIOUS LINK]

Thanks for your help keeping us on schedule. Give me a call if you have questions about which specific docs we need.

Best regards,
John Smith, Senior Auditor"

Personalization Tactics:

  • Uses CFO's real name and mentions real audit firm
  • References actual Phoenix facility acquisition (public information)
  • Mentions real upcoming board meeting date
  • Creates plausible scenario fitting normal business operations
  • Lookalike domain: trustedauditingfirm-corp.com (registered by the attacker, so it passes SPF/DKIM for itself) vs the real trustedauditingfirm.com

Detection Strategies

Spear phishing is harder to detect because it's personalized and plausible. Focus on verification:

  • Verify unexpected requests through separate channel - call sender using known number
  • Scrutinize the sender's email address, not just the display name - compare the domain character by character against the one you know
  • Question urgent requests even from apparent colleagues - attackers create artificial urgency
  • Be suspicious of requests outside normal processes - "please bypass normal approval"
  • Verify links before clicking - hover to preview URL destination
  • Check for slight inconsistencies - different writing style, unusual requests
  • Use HeaderScope to check email authentication results - SPF/DKIM/DMARC failures on a domain you trust indicate spoofing, but a pass only proves the mail came from the domain shown; an attacker-registered lookalike domain or a compromised legitimate account passes every check
  • Trust your instincts - if something feels off, verify before acting
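The two sender checks above, address scrutiny and authentication results, only work when read together: the example email in this page passes SPF, DKIM and DMARC because the attacker owns trustedauditingfirm-corp.com. The following is an added example (not HeaderScope's code and not from the original page) that parses an Authentication-Results header, checks DMARC alignment against the From: domain, and then asks whether that domain imitates a partner domain the organization actually uses. The trusted-domain list, the homoglyph table and both raw messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the organization genuinely does business with (assumed list for this example).
TRUSTED_DOMAINS = {"trustedauditingfirm.com", "example-manufacturing.com"}

# Substitutions attackers use to make a lookalike read like the real name.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s"}
HOMOGLYPH_PAIRS = {"rn": "m", "vv": "w"}

# Constructed message modelled on the page's CFO example. The attacker owns the
# lookalike domain, so SPF, DKIM and DMARC all pass for it.
LOOKALIKE_MESSAGE = """\
Authentication-Results: mx.example-manufacturing.com;
 spf=pass smtp.mailfrom=trustedauditingfirm-corp.com;
 dkim=pass header.d=trustedauditingfirm-corp.com;
 dmarc=pass header.from=trustedauditingfirm-corp.com
From: John Smith <jsmith@trustedauditingfirm-corp.com>
To: Sarah <sarah@example-manufacturing.com>
Subject: Re: Q4 2024 Audit - Additional Documentation Needed

Following up on our call last week about the Q4 audit timeline.
"""

# Constructed message that forges the real partner domain in From:, which the
# receiving server records as SPF/DKIM/DMARC failures.
SPOOFED_MESSAGE = """\
Authentication-Results: mx.example-manufacturing.com;
 spf=fail smtp.mailfrom=trustedauditingfirm.com;
 dkim=none;
 dmarc=fail header.from=trustedauditingfirm.com
From: John Smith <jsmith@trustedauditingfirm.com>
To: Sarah <sarah@example-manufacturing.com>
Subject: Re: Q4 2024 Audit - Additional Documentation Needed

Following up on our call last week about the Q4 audit timeline.
"""


def levenshtein(a, b):
    """Edit distance; catches single-character swaps and dropped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonical(domain):
    """Second-level label with separators removed and homoglyphs undone, so
    'trustedauditingfirm-corp.com' reduces to 'trustedauditingfirmcorp'.
    Assumes a one-label public suffix such as .com (co.uk-style suffixes
    would need a public-suffix list)."""
    label = domain.lower().split(".")[-2]
    label = re.sub(r"[-_]", "", label)
    for pair, rep in HOMOGLYPH_PAIRS.items():
        label = label.replace(pair, rep)
    return "".join(HOMOGLYPHS.get(c, c) for c in label)


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None when it is a
    trusted domain itself, a subdomain of one, or simply unrelated."""
    domain = domain.lower()
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return None
    cand = canonical(domain)
    for t in sorted(trusted):
        base = canonical(t)
        # Added tokens ('-corp', '-secure') leave the real name embedded in the
        # lookalike; typo-squats sit within a couple of edits of it.
        if base in cand or levenshtein(cand, base) <= 2:
            return t
    return None


def parse_auth_results(header):
    """Pull method=result and the domain each result applies to out of an
    Authentication-Results header (RFC 8601 layout, folded lines tolerated)."""
    results = {}
    for clause in header.split(";")[1:]:  # clause 0 is the authserv-id
        clause = " ".join(clause.split())
        m = re.match(r"(spf|dkim|dmarc)=(\w+)", clause)
        if not m:
            continue
        d = re.search(r"(?:smtp\.mailfrom|header\.d|header\.from)=(\S+)", clause)
        results[m.group(1)] = {"result": m.group(2),
                               "domain": d.group(1).lower() if d else None}
    return results


def assess(raw_message, trusted=TRUSTED_DOMAINS):
    """Combine sender-domain scrutiny with the authentication verdicts."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    def result(method):
        return auth.get(method, {}).get("result", "none")

    # DMARC alignment: the domain that passed must be the one the reader sees.
    aligned = auth.get("dmarc", {}).get("domain") == from_domain
    dmarc_ok = result("dmarc") == "pass" and aligned
    imitates = lookalike_of(from_domain, trusted)
    if imitates:
        verdict = "lookalike"      # authenticates fine, but for the attacker's own domain
    elif not dmarc_ok:
        verdict = "spoofed"        # claims a domain it cannot authenticate for
    else:
        verdict = "authenticated"  # still verify an unexpected request out of band
    return {"from_domain": from_domain, "imitates": imitates,
            "spf": result("spf"), "dkim": result("dkim"), "dmarc": result("dmarc"),
            "aligned": aligned, "verdict": verdict}


if __name__ == "__main__":
    for raw in (LOOKALIKE_MESSAGE, SPOOFED_MESSAGE):
        print(assess(raw))
```

The order of the checks is the point: the lookalike test runs before the authentication verdict, because a clean DMARC pass on trustedauditingfirm-corp.com says nothing about trustedauditingfirm.com. A mail that comes back "authenticated" from a genuinely trusted domain can still be sent from a compromised account, which is why the verdict does not replace the out-of-band phone call.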

Prevention Strategies

1. Limit Public Information

  • Review social media privacy settings (LinkedIn, Facebook, Twitter)
  • Limit job responsibilities and project details in public profiles
  • Don't post travel schedules or out-of-office status publicly
  • Be cautious about organizational charts and employee directories
  • Train executives on OPSEC (operational security)

2. Verification Protocols

  • Establish code words for sensitive requests
  • Verify through separate communication channel (not reply to suspicious email)
  • Implement dual approval for high-risk actions
  • Create culture where verification is expected and encouraged

3. Technical Defenses

  • Advanced email filtering targeting spear phishing patterns
  • External email warnings with sender verification prompts
  • Link rewriting and sandboxing for URL safety
  • Alert on new auto-forwarding rules and block forwarding to external domains (attackers add these after compromising a mailbox to silently copy replies and hide security alerts)
  • Monitor for account compromise indicators
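Two of the defenses above, watching for auto-forwarding rules and monitoring for account-compromise indicators, come down to reading mailbox audit events. The following is an added example (not from the original page or from HeaderScope) of that detection logic run over constructed audit records shaped like the Exchange admin events in the Microsoft 365 unified audit log: one JSON object per line with an Operation, the acting UserId, and a Parameters list of Name/Value pairs. The internal-domain list, the folder and keyword lists and all three records are constructed for the example; the tell-tale patterns (external forwarding, delete-or-hide rules on financial or security subjects, and blank or one-character rule names) are the ones to look for in real logs.

```python
import json
import re

# Domains the organization owns; any other recipient is "external" (assumed list).
INTERNAL_DOMAINS = {"example-manufacturing.com"}

# Rule and mailbox parameters that send a copy of mail somewhere the attacker can read it.
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress")
# Folders attackers use to park replies the victim is not meant to notice.
HIDE_FOLDERS = {"RSS Feeds", "RSS Subscriptions", "Conversation History",
                "Archive", "Junk Email", "Deleted Items"}
# Subject words that, combined with delete/move, point to fraud or alert suppression.
SENSITIVE_WORDS = {"invoice", "payment", "wire", "audit", "password",
                   "mfa", "verification", "suspicious", "security"}

NEW_RULE_OPS = {"New-InboxRule"}
WATCHED_OPS = NEW_RULE_OPS | {"Set-InboxRule", "Set-Mailbox"}

# Constructed audit records (one JSON object per line); not real captures.
# Line 1 is a benign housekeeping rule, lines 2 and 3 are what a compromised
# mailbox typically shows minutes after the credential theft.
AUDIT_LOG = """\
{"CreationTime": "2024-11-04T17:52:10", "Operation": "New-InboxRule", "UserId": "sarah@example-manufacturing.com", "ClientIP": "203.0.113.45", "Parameters": [{"Name": "Name", "Value": "Vendor newsletters"}, {"Name": "From", "Value": "news@vendor.example"}, {"Name": "MoveToFolder", "Value": "Newsletters"}]}
{"CreationTime": "2024-11-05T02:13:44", "Operation": "New-InboxRule", "UserId": "sarah@example-manufacturing.com", "ClientIP": "198.51.100.17", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "SubjectContainsWords", "Value": "audit;invoice;wire"}, {"Name": "ForwardTo", "Value": "jsmith.auditor@example.net"}, {"Name": "DeleteMessage", "Value": "True"}, {"Name": "StopProcessingRules", "Value": "True"}]}
{"CreationTime": "2024-11-05T02:15:02", "Operation": "Set-Mailbox", "UserId": "sarah@example-manufacturing.com", "ClientIP": "198.51.100.17", "Parameters": [{"Name": "Identity", "Value": "sarah"}, {"Name": "ForwardingSmtpAddress", "Value": "smtp:jsmith.auditor@example.net"}, {"Name": "DeliverToMailboxAndForward", "Value": "True"}]}
"""


def extract_addresses(value):
    """Addresses inside a parameter value such as 'smtp:x@y.net' or 'Bob [SMTP:x@y.net]'."""
    return re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", value)


def is_external(address):
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def analyze_event(event):
    """Return a finding dict for a suspicious rule/mailbox change, else None."""
    op = event.get("Operation")
    if op not in WATCHED_OPS:
        return None
    params = {p["Name"]: str(p.get("Value", "")) for p in event.get("Parameters", [])}
    findings = []

    for name in FORWARD_PARAMS:
        external = [a for a in extract_addresses(params.get(name, "")) if is_external(a)]
        if external:
            findings.append(f"{name} sends mail to external {', '.join(external)}")

    words = {w.strip().lower() for w in params.get("SubjectContainsWords", "").split(";") if w.strip()}
    sensitive = sorted(words & SENSITIVE_WORDS)
    if params.get("DeleteMessage", "").lower() == "true":
        findings.append("DeleteMessage hides matching messages")
    if params.get("MoveToFolder") in HIDE_FOLDERS:
        findings.append(f"MoveToFolder parks messages in {params['MoveToFolder']}")
    if sensitive:
        findings.append("SubjectContainsWords targets " + ", ".join(sensitive))

    rule_name = params.get("Name", "")
    if op in NEW_RULE_OPS and len(rule_name.strip()) <= 1:
        findings.append("rule name is blank or a single character")

    if not findings:
        return None
    hides = any(f.startswith(("DeleteMessage", "MoveToFolder")) for f in findings)
    forwards = any("external" in f for f in findings)
    severity = "high" if forwards or (hides and sensitive) else "medium"
    return {"time": event.get("CreationTime"), "user": event.get("UserId"),
            "client_ip": event.get("ClientIP"), "operation": op,
            "rule": rule_name or params.get("Identity", ""),
            "findings": findings, "severity": severity}


def analyze_line(line):
    return analyze_event(json.loads(line))


def scan(log_text):
    """Run every non-empty JSON line through analyze_event and keep the hits."""
    return [f for f in (analyze_line(l) for l in log_text.splitlines() if l.strip()) if f]


if __name__ == "__main__":
    for finding in scan(AUDIT_LOG):
        print(json.dumps(finding, indent=2))
```

Two of the fields returned, the client IP and the timestamp, are what turn a finding into an incident: the same unfamiliar address creating a hidden forwarding rule at 02:13 and mailbox-level forwarding two minutes later is the compromise indicator, and the response is to remove the rules, reset the credential and revoke sessions, not just to delete one rule.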

4. Awareness Training

  • Conduct realistic spear phishing simulations
  • Train employees to recognize personalization tactics
  • Emphasize verification culture over speed
  • Share real spear phishing examples affecting your industry

Verify Targeted Emails with HeaderScope

When you receive a personalized request that seems plausible but unexpected, use HeaderScope to analyze email authentication before taking action. Spear phishing that spoofs a real partner's domain fails SPF/DKIM/DMARC checks. A lookalike domain the attacker registered will pass them, so read the authentication results together with the exact domain they apply to, and verify unexpected requests through a separate channel even when the headers look clean.

Analyze Email Headers →