What is spear phishing?

Tom Barton, September 16 2021

You may have already heard of the term phishing and why phishing attacks happen, but this isn’t the only social engineering tool that cyber criminals use to steal sensitive and confidential information. Another commonly used method of attack in the cyber world is spear phishing. But what is spear phishing, and how can you identify a potential attack through this method? 

To answer this question, first, you need to understand what phishing is.

What is phishing?

Phishing is a social engineering tactic whereby cyber criminals send out malicious communications in bulk, asking users to respond, download attachments, or click links. This often leads to malware being installed on the user’s computer, giving the criminal the foothold they need to access the network and steal the data they want.

Now that you know what phishing is, the definition of spear phishing will make more sense.

What is spear phishing?

Unlike phishing, spear phishing is a social engineering tactic that targets individuals to steal their confidential information, such as bank details or passwords.

Whereas phishing is a generalized, generic attempt aimed at a large group of users, spear phishing is more personalized and is often tailored with details specific to the victim.

This social engineering scheme involves more time and effort from cyber criminals. This is because they need to collate information and facts on their victim for the communication to appear as genuine as possible. 

To help you remember the definition, think of a physical spear. Using a spear, you can’t target more than one item at a time. Spear phishing is all about the attacker spearing that one victim, that one target, for information. 

How do they get their information for their spear phishing attempt?

Cyber criminals will target users who have put personal information on the internet, because this makes it easier to gather the details they need. Their research will often include viewing social media profiles, which provide a lot of information, such as friends lists, geographic location, email address, and any posts about recent purchases. They may also be able to see the victim’s hobbies and specific areas of interest.

What happens next?

Once they have enough information, they will create a genuine-looking email that appears to come from a friend or someone the victim knows, making the fraudulent communication persuasive.

These emails may also convey a sense of urgency, with an explanation of why the information is required immediately, to help increase the chance of success. The information requested is often similar to that of a phishing attack. There will often be a malicious attachment or a link leading to a website that asks for personal details, including passwords. Alternatively, if the attacker is pretending to be a friend, they may ask directly for login details for various websites, such as social media. Once they acquire these, they will attempt to access other websites with the same logins to steal confidential information, including credit card details.

Due to the personalized, individual-focused method of attack, it is often harder to identify spear phishing attempts. This means these types of social engineering schemes are becoming more prevalent in this digital age. 
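The indicators described above (a familiar name on an unfamiliar address, a sense of urgency, a request for login details, a link) can be checked mechanically as a first-pass filter before a person reviews the message. The following Python code is an added example, not part of the original article; the address book, keyword lists, function name and sample messages are all constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed address book: display name -> address that contact really uses.
KNOWN_CONTACTS = {"alex morgan": "alex.morgan@example.com"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|login|log in|sign in|card details)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)


def spear_phishing_indicators(raw, contacts=KNOWN_CONTACTS):
    """Return the sorted list of indicators found in one raw email message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    found = set()
    expected = contacts.get(name.strip().lower())
    # A familiar display name on an unfamiliar address is the impersonation case.
    if expected and addr.lower() != expected:
        found.add("known-name-unknown-address")
    if URGENCY.search(text):
        found.add("urgency")
    if CREDENTIALS.search(text):
        found.add("credential-request")
    if LINK.search(text):
        found.add("link")
    return sorted(found)


# Constructed sample messages (example.* are reserved documentation domains).
GENUINE = (
    "From: Alex Morgan <alex.morgan@example.com>\n"
    "Subject: Photos from Saturday\n"
    "\n"
    "Here are the photos from the hike. See you next week.\n"
)
SUSPICIOUS = (
    "From: Alex Morgan <alex.morgan@example.net>\n"
    "Subject: Urgent - locked out\n"
    "\n"
    "I need your login and password immediately, or sign in for me at\n"
    "http://login.example.net/reset\n"
)

print(spear_phishing_indicators(SUSPICIOUS))
```

A message that raises none of these flags is not proven safe; the check only surfaces the patterns this article describes so that they get a second look.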

To find out more about how we can help you with your cyber security, contact us today.


About Ava Security

Ava Security specialize in cyber and video security solutions around the world. Our mission is to create a better, smarter way to deliver security. Our teams of experts are always looking at new and innovative ways and technology to make companies’ lives easier and more secure. We strive to evolve, build upon, and create new solutions constantly to keep up with the ever-changing needs of businesses and organizations.