Back to Blog

Phishing For Answers: What is Spear Phishing?

Larkin Anders

Phishing for Answers is a video series answering common questions about phishing, ransomware, cybersecurity, and more. These videos are great to share with your colleagues, friends, and family! Today we’re talking about spear phishing.

Although they sound similar and are both equally as dangerous, Phishing and Spear Phishing are two separate types of attacks. Spear phishing is a targeted form of phishing. Phishing in turn is a form of fraud involving a threat actor masquerading as a trusted entity with the aim of acquiring sensitive information from an unsuspecting victim. In the classic version of this attack, the target receives an email that seems to come from a reputable source, such as a major internet or technology company, and is urged to log in to the popular website of the alleged source, for which a URL is provided. Clicking on the URL directs the victim to a fake copy of the website in question. Any information the victim submits to that web page, such as login credentials or credit card information, is harvested by the attacker.

Unlike phishing, spear phishing is designed from the ground up. Meaning they are designed with a specific target in mind. Normally the attacker will try to select a target within an organization and then send an email designed specifically for them. They either know the person very well and their vulnerability, or they are trying to attack a person without a lot of IT knowledge. But once the email is sent, spear phishing works just like phishing. The person is expected to click on a link or download a malicious file. If successful, hackers would then be granted access to your company's information and data. So a single attack like this can be extremely powerful and dangerous.

Users should be trained on how to identify spear phishing emails, avoid clicking links or opening attachments in suspicious messages, and always verify with the sender if something seems off.

Share on social media: 

More from the Blog

Hook Security Wins NEXT Venture Summit Pitch Competition

Hook Security was able to secure a spot in the top 10 and was given the chance to present to the panel of judges on September 22nd. Bringing home the win as Judge’s Choice and advancing to the on-stage competition in Atlanta. 

Read Story

Free Download: Cybersecurity Awareness Month Resource Kit

A complete kit of resources to show your support for 2022 Cybersecurity Awareness Month.

Read Story

Free Toolkit: Cybersecurity Awareness Month Promotion Kit

A complete toolkit for promoting 2022 Cybersecurity Awareness Month.

Read Story

Never miss a post.

Enter your email below to be added to our blog newsletter and stay informed, educated, and entertained!
We will never share your email address with third parties.