What is spear phishing and how do I protect myself?

Spear phishing is defined as the act of sending emails seemingly from a known or trusted sender to targeted individuals to gather confidential information. It’s an email scam that often results in stolen information or data, virus or malware infection, or loss of funds.

Spear Phishing is a more targeted form of phishing that uses research and specially crafted emails to go after a specific individual.

The difference between Phishing and Spear Phishing

Phishing
  • High volume spam emails.
  • Impersonal.
  • Contain generic information.
  • Easier to spot.
  • Contain malicious links or attachments.

Spear Phishing

  • Targeted attack.
  • Highly personalized.
  • Requires the hacker to research you.
  • Harder to spot.

Commonalities they share

  • Fraudulent.
  • Email based.
  • Looking to steal personal information, login details, or money.
  • Create a sense of urgency.
  • Could be from a seemingly trusted source.


Spear Phishing attacks are very common. Follow these links to see some real-life examples and the damage they can lead to.

Hacker electronically steals several hundred thousand dollars in town funds in Franklin
New Spear Phishing Campaign Pretends to be EFF

How to protect yourself

  • Keep your systems up to date.
  • Implement multi-factor authentication wherever possible.
  • Check the email address. Don’t rely on display names.
  • Get a cloud spam filter. It may remove these emails before they reach you.
  • Be wary of unsolicited mail and unexpected emails, especially those that call for urgency.
  • Always verify with the person involved through a different means of communication, such as phone.
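
The "check the email address, don't rely on display names" and urgency tips above can be automated as a simple check. This is an added example, not part of the original article; the address book, keyword list and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> the address you know is correct.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}
URGENCY_WORDS = ("urgent", "immediately", "right away", "asap", "today")

def sender_warnings(raw_message, contacts=KNOWN_CONTACTS):
    """Return reasons to verify this email through another channel first."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    display, address = display.strip().lower(), address.lower()
    warnings = []

    # A familiar name on an unfamiliar address: the display name is free text
    # chosen by the sender, only the address says where the mail came from.
    expected = contacts.get(display)
    if expected and address != expected:
        warnings.append("display name matches a known contact, address does not")

    # A trusted-looking address typed into the display name itself.
    if "@" in display and display != address:
        warnings.append("display name contains a different email address")

    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        warnings.append("subject pushes urgency")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@example.net>\n"
           "Subject: Urgent: please pay this invoice today\n\nSee attached.")
NAME_TRICK = ('From: "jane.doe@example.com" <billing@example.net>\n'
              "Subject: Updated bank details\n\nPlease update your records.")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Notes from Tuesday\n\nThanks for the call.")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("name trick", NAME_TRICK), ("legit", LEGIT)):
        print(name, "->", sender_warnings(raw) or "no warnings")
```

An empty result only means these checks found nothing; verifying an unexpected request by phone still applies.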

