Spear Phishing

What is Spear Phishing?

  • Spear Phishing is a targeted phishing attack in which the attacker has enough expertise to carry out a long, well-informed scheme to reach their goal of stealing data or money, or breaching the intended network or devices.

How does Spear Phishing Work?

  • The attacker will research their potential victim by learning about their reporting structure or department structures. They do this by reviewing the victim's website or researching social media.
  • The attacker will also research the news about the victim to see if there is anything that can be exploited.
    • For example, a ribbon cutting for upcoming construction on a new building or a change in President or CEO.
  • The attacker will then use that information to try to exploit only a select few people in the victim's organization. This first step is usually done with a carefully crafted Phishing email or a Vishing phone call.
  • Once they have established communications with someone within the organization, they will then manipulate that person into unknowingly doing something malicious. For example:
    • The attacker will get the victim to open an infected document on their computer, granting the attacker access to the network.
    • The attacker will have the victim change an Accounts Payable account to redirect funds to a bank account where the money will be laundered.
  • Once the attacker has what they want, they will either leave or continue to get money or data for as long as they can.

