What is Spear Phishing? Definition, Examples, Prevention Strategies

What is spear phishing, you ask? Long story short, it’s a phishing technique that plays on the victim’s trust or, rather, his gullibility. Spear phishing attacks are surgical, while general phishing attacks are more like “let’s cast this lure in the puddle and see what bites.” So, without further ado, let’s dig right into it. FYI: in this article, I’ll be covering the difference between spear and whale phishing and how to protect your company’s digital assets against them.

What is Spear Phishing?

Spear phishing can be defined as an email spoofing attack that targets very specific and very ‘employed’ individuals. As Aaron Ferguson, an NSA agent and West Point Professor, noted, spear phishing attacks are directed against an employee or an organization.

What makes them so successful? Spoofed emails used in the attack look like they’ve been sent by well-known market actors such as PayPal, Google, Spotify, Netflix, and even Apple Pay.
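On the defensive side, the brand spoofing described above can be flagged from message headers. The following is an added example, not code from this article: the `BRAND_DOMAINS` allowlist, the function names and the sample message (using reserved `.example` domains) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand really sends from (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"}, "google": {"google.com"},
    "spotify": {"spotify.com"}, "netflix": {"netflix.com"},
    "apple": {"apple.com"},
}

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def is_trusted(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def spoof_findings(raw_message):
    """Return the reasons a raw RFC 5322 message looks like brand spoofing."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not is_trusted(from_domain, allowed):
            findings.append(f"display name claims {brand}, sender domain is "
                            f"{from_domain or 'missing'}")
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From")
    # Authentication-Results is only meaningful when added by your own gateway.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("DMARC failed")
    return findings

# Constructed sample message (not real traffic).
SPOOFED = """\
From: "PayPal Support" <service@paypa1-secure.example>
Reply-To: billing@collect.example
Authentication-Results: mx.corp.example; dmarc=fail
Subject: Confirm your account

Please confirm your credentials.
"""

if __name__ == "__main__":
    for reason in spoof_findings(SPOOFED):
        print(reason)
```

The display-name match is a plain substring test, so treat its findings as triage signals to be combined with the gateway's own SPF, DKIM and DMARC verdicts.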

How Does Spear Phishing Work?

Spear phishing usually takes the guise of in-house emails, asking employees to fill in credential requests. Why would someone be willing to share his/her credentials via email? Well, think of it this way: how likely are you to nix an email from

