Cybersecurity Glossary

What Is Spear Phishing?

Spear phishing is a targeted phishing attack that uses information about a specific person, role, company, or workflow to make the message more convincing. Instead of sending the same lure to everyone, the attacker shapes the request around the target.

Short definition

Spear phishing is personalized phishing. The attacker researches the target and sends a message that appears relevant, timely, and trustworthy so the person will click a link, open a file, share credentials, approve a request, or send sensitive information.

At a glance: Spear phishing is dangerous because the message often contains enough real context to feel like normal business.

Spear Phishing Meaning

Spear phishing narrows the target. A generic phishing email might say an account is locked. A spear phishing email may mention a real vendor, project, coworker, invoice, job role, event, or internal process. That personalization is what makes the attack harder to dismiss.

Attackers can gather details from public sources, breached data, company websites, social media, job postings, press releases, conference agendas, and previous email threads. They may also use information from a compromised account to make the message look like part of an existing conversation.

The attack can arrive through email, but the strategy may involve other channels too. A spear phishing message might be followed by a text, phone call, chat message, or fake document portal. The goal is to create enough continuity that the target treats the request as expected.

For businesses, spear phishing is especially relevant because different roles carry different risk. A finance employee may be targeted for payment changes. HR may be targeted for employee records. IT may be targeted for credentials or administrative access. Executives may be targeted because their names can influence others.

How Spear Phishing Works

Spear phishing uses research and timing to make a malicious request feel specific to the target.

  1. The attacker profiles the target. They collect names, roles, vendors, projects, writing styles, business relationships, and likely responsibilities.
  2. A relevant pretext is chosen. The story may involve an invoice, shared file, HR update, customer issue, executive request, or security alert.
  3. The message is tailored. The attacker uses details that make the email feel less random and more connected to real work.
  4. The target is asked to act. The request may involve clicking, opening, logging in, replying, approving, wiring money, or sharing data.
  5. The first success supports the next step. Stolen credentials, files, or trust can lead to account takeover, business email compromise, or deeper access.

Common Spear Phishing Examples

Spear phishing messages usually look like something the target might plausibly handle.

  • Vendor invoice lure: A finance employee receives a message about a real supplier with a fake invoice or payment link.
  • Shared document request: A message appears to come from a coworker asking the target to review a file through a fake login page.
  • HR or payroll update: An employee receives a personalized message about benefits, tax forms, or direct deposit.
  • IT security notice: A targeted warning claims the user must verify an account, approve MFA, or reset a password.
  • Customer or deal context: Sales or support staff receive a message referencing a real account, opportunity, or support issue.

Why Spear Phishing Matters

Personalization lowers suspicion. When a message includes a real name, project, vendor, or business detail, the target may spend less time questioning the source.

The business impact can be significant because spear phishing often aims at people with useful access. One compromised finance, HR, IT, or executive account can expose data, redirect payments, or help attackers impersonate trusted insiders.

Spear phishing also creates a training challenge. Users cannot rely only on obvious spelling mistakes or strange greetings. Many targeted messages look professional, brief, and aligned with the recipient’s job.

How to Reduce Spear Phishing Risk

Protection works best when users and workflows are prepared for targeted, believable messages.

  • Verify unusual requests. Use known channels for payments, account changes, sensitive files, and executive instructions.
  • Treat context as a clue, not proof. Real names, projects, and vendors can be copied from public or compromised sources.
  • Use strong identity controls. MFA, conditional access, password managers, and account monitoring can reduce damage after a credential lure.
  • Train by role. Finance, HR, IT, sales, and executives should see examples that match their actual workflows.
  • Report quickly. A targeted message may also be sent to nearby coworkers, managers, or shared inboxes.

What to Do After a Spear Phishing Click

A targeted message may be part of a larger campaign, so response teams need context quickly.

  1. Report the message. Preserve the email, headers, links, attachments, and any follow-up communication.
  2. Protect the account. Reset credentials, revoke sessions, and review MFA approvals if a login page was involved.
  3. Check related workflows. Look for payment changes, forwarding rules, shared files, mailbox access, or unusual approvals.
  4. Warn similar targets. People in the same role, project, vendor relationship, or department may receive related lures.
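An added example, not part of this glossary page, of the kind of check a response team might script for step 3: it reviews inbox rules for three signs that commonly follow a credential lure (forwarding to an outside domain, rules that hide finance-related mail, and blank or punctuation-only rule names). The rule records, the `example.com` internal domain and the keyword list are constructed for the demonstration and would be replaced by an export from the real mail platform.

```python
# Added example (not from the glossary page): review inbox rules after a suspected
# spear phishing click. All data below is constructed for illustration.
from dataclasses import dataclass, field

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
SUSPECT_KEYWORDS = {"invoice", "payment", "wire", "password", "mfa"}  # mail an attacker hides

@dataclass
class InboxRule:
    owner: str
    name: str
    forward_to: list = field(default_factory=list)  # forwarding / redirect targets
    keywords: list = field(default_factory=list)    # subject or body match conditions
    actions: list = field(default_factory=list)     # "delete", "mark_read", "move:<folder>"

def review_rule(rule: InboxRule) -> list:
    """Findings for one rule; an empty list means nothing suspicious."""
    findings = []
    for addr in rule.forward_to:
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in INTERNAL_DOMAINS:
            findings.append(f"forwards mail to external address {addr}")
    hits = sorted(k.lower() for k in rule.keywords if k.lower() in SUSPECT_KEYWORDS)
    hiding = [a for a in rule.actions if a in ("delete", "mark_read") or a.startswith("move:")]
    if hits and hiding:
        findings.append(f"hides messages matching {hits} via {hiding}")
    if rule.name.strip() in {"", ".", ",", "-"}:
        findings.append("rule name is blank or a single punctuation mark")
    return findings

def review_mailbox(rules: list) -> dict:
    """Map each flagged (owner, rule name) to its findings; clean rules are omitted."""
    return {(r.owner, r.name): f for r in rules if (f := review_rule(r))}

# Constructed sample: a benign internal archive rule, a rule typical of a compromised
# finance mailbox, and an ordinary newsletter filter.
SAMPLE_RULES = [
    InboxRule("finance.user@example.com", "Archive copies", forward_to=["archive@example.com"]),
    InboxRule("finance.user@example.com", ".", forward_to=["collect@mail-drop.example.net"],
              keywords=["Invoice", "wire"], actions=["mark_read", "move:RSS Feeds"]),
    InboxRule("finance.user@example.com", "Newsletters", keywords=["newsletter"],
              actions=["move:Newsletters"]),
]

if __name__ == "__main__":
    for key, findings in review_mailbox(SAMPLE_RULES).items():
        print(key, findings)
```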

Related Spear Phishing Terms

Spear phishing often combines impersonation with believable business context.

Spear Phishing Takeaway

A targeted lure can feel like it belongs in the workday because it uses names, timing, and details the recipient recognizes.

Verification should focus on the requested action, not just the sender. If the message involves access, money, credentials, or sensitive data, context alone is not enough.

FAQ

Questions Teams Ask About Spear Phishing

Quick answers about targeted phishing, personalized lures, business risk, and role-based prevention.

What is spear phishing?

Spear phishing is a targeted phishing attack aimed at a specific person, role, team, or organization using personalized details to make the message more believable.

How is spear phishing different from regular phishing?

Broad phishing is often sent to many people with generic wording. Spear phishing is tailored to the target, often using names, roles, projects, vendors, or recent events.

Who is targeted by spear phishing?

Attackers may target executives, finance staff, HR teams, IT administrators, customer support, sales teams, or employees with access to valuable systems and data.

How can organizations reduce spear phishing risk?

They can combine targeted awareness training, email security, strong identity controls, verification workflows, and easy reporting for suspicious messages.