Ransomware Defenders
Cybersecurity Glossary

Spear Phishing

A targeted form of phishing where attackers research specific individuals and craft personalized messages using information about their role, relationships, and activities to dramatically increase success rates.

Understanding Spear Phishing

Unlike mass phishing campaigns that cast a wide net with generic lures, spear phishing targets specific individuals with highly personalized content. Attackers research their targets using social media profiles, corporate websites, press releases, and previously compromised data to craft messages that reference real colleagues, projects, or events. This personalization makes spear-phishing emails significantly harder to detect — both for users and for automated email security tools.

Spear phishing is the preferred initial access technique for sophisticated ransomware groups targeting high-value organizations. The attackers identify individuals with access to critical systems — IT administrators, finance teams, or executives — and craft lures specifically designed to trick those individuals. Common spear-phishing pretexts include fake invoice approvals from known vendors, calendar invitations from colleagues, document sharing notifications from trusted cloud services, and urgent requests from executives (a sub-category known as "whaling").

Defending Against Spear Phishing

Spear phishing is harder to defend against than mass phishing because the emails closely mimic legitimate communications. Key defenses include impersonation protection features in email security platforms that detect display name spoofing and domain lookalikes, phishing simulations that include targeted lure scenarios, security awareness training that teaches employees to verify unusual requests through out-of-band channels, and phishing-resistant MFA that prevents credential theft even when users are successfully deceived.
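The display-name spoofing and domain-lookalike checks mentioned above can be sketched as follows. This is an added example, not code from this glossary or from any email security product; the trusted domains, protected sender, confusable-character map and edit-distance threshold are all assumptions constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample data: an assumed organisation and one protected sender.
TRUSTED_DOMAINS = ("example.com", "vendor-example.net")
# Keys are display names already in skeleton() form.
PROTECTED_SENDERS = {"alice chen": "alice.chen@example.com"}
# Small illustrative look-alike map (digits and Cyrillic a/e/o); not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(text):
    """Fold case, compatibility forms and common look-alike characters."""
    folded = unicodedata.normalize("NFKC", text).casefold().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # Assumed threshold: same skeleton, or a single-character edit away.
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 1:
            return trusted
    return None

def check_from_header(header):
    """Return a list of impersonation findings for one From: header value."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2]
    findings = []
    real = PROTECTED_SENDERS.get(" ".join(skeleton(name).split()))
    if real and addr.lower() != real:
        findings.append("display-name spoof of " + real)
    imitated = lookalike_of(domain)
    if imitated:
        findings.append("lookalike of " + imitated)
    return findings
```

A single-edit threshold will also flag unrelated short domains, so findings like these are better treated as a signal for banners or quarantine review than as an automatic block.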
