Spear Phishing

Definition

Spear phishing is a phishing attack that is targeted at a specific individual, organization, or business. Attackers conduct reconnaissance on the target to craft a more believable message that is tailored to the victim.

Why It Matters

Spear phishing attacks are much more effective than generic phishing because they are personalized and appear more legitimate. They are often used to target high-value individuals like executives or system administrators.

Contextual Example

A company's CFO receives an email that appears to be from the CEO, referencing a recent internal project and urgently asking them to wire money to a new vendor. The email is highly convincing because the attacker researched the company and its executives beforehand.

Common Misunderstandings

  • Whaling is a type of spear phishing that specifically targets senior executives ("big fish").
  • Because they are so targeted, spear phishing emails can be very difficult to distinguish from legitimate emails.

Last Updated: December 17, 2025