Spear phishing is a very common form of fraud in which a cyber criminal tries to obtain information such as login credentials or account information by posing as a reputable entity or person over email, instant message or other communication channels.

Spear phishing is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Instead of sending an email to millions of potential victims, cyber attackers send spear phishing messages to a few selected individuals, like five or ten targeted people.

How does it work?

  • The "phisher" falsely claims to be an established, legitimate enterprise and uses email to direct the user to a website, where they are asked to update personal information such as passwords, credit card numbers and bank account numbers. These websites are bogus, created to look like the real ones, and their purpose is to steal the user's information.
  • Spear phishing attempts are not typically initiated by "random hackers". They are more likely to be organized by perpetrators seeking financial gain or trade secrets. The messages generally seem to originate from a trusted source or from someone in a position of authority.
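
The traits described above (a sender posing as a trusted enterprise, and a link to a look-alike website) leave checkable traces in a message. The following is an added example, not part of the original article: it checks one constructed email for four common spoofing indicators. The brand name, the trusted-domain list, the indicator labels and all addresses are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Example Bank Security" <alerts@examp1e-bank.test>
Reply-To: collector@mailbox.test
To: finance.lead@victim.test
Subject: Action required: update your account details
Authentication-Results: mx.victim.test; spf=fail; dmarc=fail
Content-Type: text/html

<p>Go to <a href="http://examp1e-bank.test/login">https://www.example-bank.test/login</a>
and update your password.</p>
"""

BRAND = "example bank"           # assumption: name the sender claims to be
TRUSTED = {"example-bank.test"}  # assumption: domains that brand really uses

def is_trusted(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def spoofing_indicators(raw):
    """Return the list of spoofing indicators found in one raw message."""
    msg = message_from_string(raw)
    found = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    # Display name claims the brand, but the address is on another domain.
    if BRAND in display.lower() and not is_trusted(from_dom):
        found.append("display-name-impersonation")
    # Replies would go to a different domain than the visible sender.
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-mismatch")
    # The receiving server recorded a failed SPF, DKIM or DMARC check.
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", msg.get("Authentication-Results", "").lower()):
        found.append("sender-auth-failed")
    # Link text shows one host while the href points at another.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', msg.get_payload(), re.S | re.I):
        shown, target = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and shown != target:
            found.append("link-text-mismatch")
    return found

if __name__ == "__main__":
    print(spoofing_indicators(SAMPLE))
```

A single indicator can occur in legitimate mail (mailing lists often set a different Reply-To), so these are signals to weigh together rather than verdicts.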