Overview: Spear Phishing

Quick Definition

Spear Phishing is a particular, narrowly-targeted form of phishing attack, a social engineering attack in which users are tricked via email into surrendering login credentials or installing malware. As opposed to phishing, in which potentially millions of email addresses may be targeted at once, spear phishing targets a single user or a short list of high-value users via email and/or other electronic communication methods with the goal of obtaining access to systems on which they have privileges.

Spear phishing relies more heavily on background knowledge about the targeted individual(s) and often involves the assembly of more sophisticated and multi-layered ruses designed to fool even relatively security-literate individuals.