What is Spear Phishing?

By Mary Elizabeth
Updated: May 17, 2024

Phishing refers to a scam analogous to fishing — hence the name — in which the scammer tries to obtain valuable information by luring or baiting a person with an authentic-looking but phony communication that gains credibility by imitating a well-known corporate brand such as that of a bank, credit card company, etailer, social media site, or payment site. The term originated in 1996. Spear phishing continues the analogy and denotes a specific style of phishing.

Phishing emails are sent out to a wide audience and generally give a dire warning, stating that something bad can only be avoided by the recipient confirming certain information. The information is usually personal and critical, like a Social Security number or an account number and password. A hyperlink in the email takes the recipient to a website where the information is collected, with the result that the recipient loses a bank account or is the victim of identity theft.

Spear phishing emails differ from phishing emails in several ways. First, they are sent to a carefully targeted audience, like employees of a certain organization, or members of a particular group. Second, the email appears to come from a colleague within the organization or group, and such emails are often constructed with more care than phishing emails, which may exhibit obvious signs of fakery. Third, the goal is not simply to get a name, password, or credit card information from an individual, but to infiltrate a company’s computer network.
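
The second trait above, mail that appears to come from a colleague, can be checked mechanically when a message arrives. The following Python is an added example, not part of the original article; the organization domain, the gateway identifier, the staff list and the sample messages are all constructed assumptions.

```python
from email import message_from_string, policy

ORG_DOMAIN = "example.com"          # assumption: the organization's mail domain
GATEWAY_ID = "mx.example.com"       # assumption: authserv-id stamped by our own gateway
STAFF = {"dana reyes", "lee park"}  # constructed directory of colleague display names

def sender_findings(raw):
    """Return reasons a message claiming an internal sender looks forged."""
    msg = message_from_string(raw, policy=policy.default)
    if msg["From"] is None or not msg["From"].addresses:
        return ["no parsable From address"]
    frm = msg["From"].addresses[0]
    domain = frm.domain.lower()
    findings = []
    # 1. A colleague's name is shown to the reader, but the address is outside the org.
    if frm.display_name.lower() in STAFF and domain != ORG_DOMAIN:
        findings.append("colleague display name on external address")
    # 2. Our own domain is in From, but our gateway did not record a DMARC pass.
    #    Only headers whose authserv-id is ours count; others may be sender-supplied.
    ours = [str(h).lower() for h in msg.get_all("Authentication-Results", [])
            if str(h).split(";")[0].strip().lower() == GATEWAY_ID]
    if domain == ORG_DOMAIN and not any("dmarc=pass" in h for h in ours):
        findings.append("internal From domain without dmarc=pass from our gateway")
    # 3. Replies would go to a different domain than the one the message claims.
    reply = msg["Reply-To"]
    if reply is not None and any(a.domain.lower() != domain for a in reply.addresses):
        findings.append("Reply-To domain differs from From domain")
    return findings

# Constructed sample messages (not real mail).
LOOKALIKE = (
    "From: Dana Reyes <dana.reyes@examp1e-mail.test>\n"
    "Reply-To: dana.reyes@examp1e-mail.test\n"
    "Subject: Updated payroll form\n\nPlease review today.\n")
SPOOFED = (
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail header.from=example.com\n"
    "Authentication-Results: mx.attacker.test; dmarc=pass\n"
    "From: Lee Park <lee.park@example.com>\n"
    "Reply-To: lee.park@webmail.test\n"
    "Subject: Quick favour\n\nAre you at your desk?\n")
GENUINE = (
    "Authentication-Results: mx.example.com; spf=pass; dmarc=pass header.from=example.com\n"
    "From: Lee Park <lee.park@example.com>\n"
    "Subject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_findings(raw))
```

A message that passes all three checks can still be malicious, for example when a colleague's real account has been taken over, so these checks support rather than replace calling the apparent sender.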

One of the most notable spear phishing attacks, often referred to as “whaling” because of the caliber of the target audience, was a 2008 double whammy attack against around 20,000 senior corporate executives. Two thousand fell for the first attack but only 70 for the second. Both of the attacks masqueraded as an official subpoena to appear before a Federal grand jury, and clicking the link to what was supposed to be a fuller copy of the subpoena actually led to a site where an additional click installed software on their computer that allowed the theft of log-in credentials. The malware in the first case was caught by only eight of the top 35 anti-malware products, and the modified malware was only picked up by 11 of them in the second attack.

There are steps that people can take to avoid spear phishing scams. If one suspects a scam, one should call the person an email appears to be from. One should never click on any links in a suspicious email or open any attachments. It is also a good idea to call one’s IT department or Internet Service Provider (ISP) for guidance. Rather than just deleting suspicious email that may arrive at one’s work, one would do better to report it to the proper person in one’s company.

By Mary Elizabeth
Passionate about reading, writing, and research, Mary Elizabeth is dedicated to correcting misinformation on the Internet. In addition to writing articles on art, literature, and music for WiseGeek, Mary works as a teacher, composer, and author who has written books, study guides, and teaching materials. Mary has also created music composition content for Sibelius Software. She earned her B.A. from University of Chicago's writing program and an M.A. from the University of Vermont.
