Skip to main content
Learn more about the latest security and privacy threats
Back to Glossary

Spear phishing

Spear phishing is a targeted email attack designed to deceive a specific individual or organization into revealing sensitive information, such as login credentials or financial data. Unlike general phishing, it’s customized and often impersonates someone the target knows or trusts.

About Spear phishing

What is spear phishing vs phishing?

Phishing is a broad attack that targets many recipients with generic bait (e.g., fake bank alerts). Spear phishing is highly focused, personalized, and crafted to manipulate a specific victim. For example, it might appear to come from a colleague or boss with contextually relevant language.

What are the 3 types of spear-phishing emails?

1. Business Email Compromise (BEC): Impersonates a senior executive requesting urgent transfers or data. 2. Vendor Fraud: Pretends to be a supplier sending updated banking details. 3. Credential Harvesting: Links to fake login pages designed to steal usernames and passwords.

What protects from spear phishing?

Employee training, email filtering, and domain spoofing protection (like SPF/DKIM/DMARC) are critical defenses. Multi-factor authentication adds another layer, preventing attackers from accessing systems even if credentials are compromised. AI-based behavioral monitoring can also flag abnormal email requests.

Secure verifications for every industry

We provide templated identity verification workflows for common industries and can further design tailored workflows for your specific business.

Book a Demo