Library
spear phishing
Spear Phishing
Spear phishing is a highly targeted form of phishing where attackers customize their fraudulent messages for a specific individual, organization, or role. Unlike generic phishing, spear phishing uses personal information gathered from social media, company websites, or data breaches to make the attack more convincing.
How to identify
- The email appears to come from a known colleague or superior
- Contains specific personal or organizational details
- Requests unusual actions like wire transfers or credential sharing
- Creates a sense of urgency tied to a specific project or deadline
- May reference real events or relationships within your organization
- Slightly off email addresses mimicking real contacts
How to prevent
- Verify unusual requests through a separate communication channel
- Limit personal information shared on social media
- Implement email authentication protocols (SPF, DKIM, DMARC)
- Train employees to recognize targeted attacks
- Use advanced email filtering with AI-based detection
- Establish verification procedures for financial transactions
Learn more