
Spear Phishing

A targeted phishing attack aimed at a specific individual or organisation, using personalised information to increase message credibility.

What is Spear Phishing?

Spear phishing is an advanced form of phishing in which the attacker prepares a message directed at a specific person or narrow group of recipients. Unlike mass phishing, spear phishing requires prior reconnaissance - the attacker gathers information about the target from social media, company websites, industry conferences and previous data breaches.

A typical spear phishing message might look like an email from a colleague in a department the target actually collaborates with, about a project they are genuinely working on, with an attachment named after a current task. The level of personalisation means even experienced users can be deceived.

Spear phishing is the preferred initial compromise vector for APT groups. The SolarWinds operation, attacks on Ukrainian energy infrastructure, APT29 campaigns against diplomatic organisations - in all these cases, spear phishing was one of the primary entry vectors. Modern campaigns increasingly leverage AI tools to generate credible content in the target’s language.

Why does it matter?

Spear phishing is significantly more effective than mass phishing - click-through rates reach 30-50% compared to 3-5% for mass campaigns. Defence requires a multi-layered approach: advanced email filtering with behavioural analysis, phishing-resistant MFA (FIDO2/WebAuthn), network segmentation limiting the impact of a single account compromise, and regular red team exercises with a social engineering component.
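The "behavioural analysis" layer mentioned above can be illustrated with a small header-level scorer. The following is an added example, not code from the original page or from any product; it assumes the organisation's domain is example.com, that a staff directory and a per-recipient sender history are available (both constructed here as dictionaries), and uses arbitrary indicator weights and a quarantine threshold. The two sample messages are constructed as well: one genuine internal mail and one that impersonates a colleague from a look-alike domain, with a Reply-To pointing elsewhere and an attachment named after the target's current project, which is exactly the pattern described in the section above.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the defended organisation's domain

# Constructed staff directory: display name -> the address that name legitimately uses.
DIRECTORY = {
    "Anna Kowalska": "anna.kowalska@example.com",
    "Jan Nowak": "jan.nowak@example.com",
}

# Constructed sender history per recipient: addresses they have actually exchanged mail with.
KNOWN_CONTACTS = {
    "jan.nowak@example.com": {"anna.kowalska@example.com", "vendor@supplier.net"},
}

# Arbitrary weights (assumption); a real filter would tune these on its own mail flow.
WEIGHTS = {
    "display_name_impersonation": 3,
    "lookalike_domain": 3,
    "reply_to_mismatch": 2,
    "first_contact": 1,
    "attachment_from_first_contact": 1,
}
QUARANTINE_THRESHOLD = 5


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain: str, legit: str) -> bool:
    """True if `domain` imitates `legit`: one substituted character, or `legit` used as a leading label."""
    if domain == legit:
        return False
    if domain.startswith(legit + "."):
        return True
    if len(domain) == len(legit):
        return sum(a != b for a, b in zip(domain, legit)) == 1
    return False


def score_message(raw: str) -> dict:
    """Parse one RFC 822 message and return its spear-phishing indicators and score."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    _, to_addr = parseaddr(msg.get("To", ""))
    to_addr = to_addr.lower()
    hits = []

    # 1. A known colleague's display name on an address outside the organisation.
    if DIRECTORY.get(from_name.strip()) and domain_of(from_addr) != INTERNAL_DOMAIN:
        hits.append("display_name_impersonation")

    # 2. Sender domain imitates the organisation's own domain.
    if is_lookalike(domain_of(from_addr), INTERNAL_DOMAIN):
        hits.append("lookalike_domain")

    # 3. Replies are silently routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        hits.append("reply_to_mismatch")

    # 4. Behavioural signal: this recipient has never corresponded with this address.
    first_contact = from_addr not in KNOWN_CONTACTS.get(to_addr, set())
    if first_contact:
        hits.append("first_contact")

    # 5. An attachment arriving from a first-time sender.
    has_attachment = any(part.get_filename() for part in msg.walk())
    if first_contact and has_attachment:
        hits.append("attachment_from_first_contact")

    score = sum(WEIGHTS[h] for h in hits)
    return {"score": score, "indicators": hits, "quarantine": score >= QUARANTINE_THRESHOLD}


# Constructed sample: genuine internal mail between two colleagues who mail each other regularly.
BENIGN = """\
From: Anna Kowalska <anna.kowalska@example.com>
To: jan.nowak@example.com
Subject: Atlas status

Hi Jan, status notes from today's call are in the wiki.
"""

# Constructed sample: colleague's name on a look-alike domain, foreign Reply-To, project-named attachment.
SUSPICIOUS = """\
From: Anna Kowalska <anna.kowalska@examp1e.com>
Reply-To: anna.k@mail-relay.net
To: jan.nowak@example.com
Subject: Atlas budget - needs your approval today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi Jan, please review the attached budget before the meeting.
--b1
Content-Type: application/octet-stream; name="Atlas_budget.xlsm"
Content-Disposition: attachment; filename="Atlas_budget.xlsm"

ZmFrZQ==
--b1--
"""

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, score_message(raw))
```

The first three checks are static header properties; the last two are the behavioural part, because they depend on this recipient's own mail history rather than on the message alone. A display-name match against the directory combined with a non-internal sender domain is the single strongest signal for the colleague-impersonation scenario described above, which is why it carries the same weight as a look-alike domain.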
