What is Spear Phishing and how to protect against it?

28 September 2023 12 minutes Author: Cyber Witcher

Spear Phishing Specifications: What you should know about this threat

Spear Phishing is a type of cyber attack that targets a specific person or organization and involves sending malicious emails disguised as legitimate messages from trusted sources. This type of attack is more targeted than regular spam and mass phishing, as attackers usually have prior information about the potential victim and try to obtain sensitive information or access to systems by exploiting personal data. The main goal of Spear Phishing attacks is to gain access to accounts, confidential data, financial resources or other important information. Attackers who use this type of attack usually put a lot of effort into creating convincing, plausible scenarios that entice the potential victim to respond to the email or follow the instructions it contains.

Defense against Spear Phishing attacks includes educating and training users to recognize suspicious messages, verifying message sources, using anti-virus software, two-factor authentication, and keeping software and operating systems up to date. Following these steps helps reduce the risk of falling victim to a spear phishing attack and keeps your information private. Unlike other types of phishing scams, which are usually used to target large groups of people at once, targeted phishing is aimed at specific individuals. Such messages are personalized to appear as if they came from a trusted source, such as a colleague or other respected organization.

Targeted email phishing tactics

Phishing emails often use convincing language and formatting to appear completely legitimate. Some common tactics used in phishing emails include the following features.

1. Urgent or threatening wording

Phishing emails often create a sense of urgency or threat, prompting the recipient to take immediate action without taking the time to verify the authenticity of the request. For example, an email may claim that there has been a security breach and that the recipient needs to confirm their credentials via the attached link to avoid further harm.

2. Suspicious sender address

Phishing emails often come from suspicious or unfamiliar email addresses. They can also copy the e-mail address of a trusted person or organization almost verbatim, using look-alike characters to create the illusion that the sender is completely legitimate.
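
As an added example (not from the original article), the following Python check implements the sender-screening idea above: it folds look-alike characters and punycode in the sender's domain, compares the result against an allowlist of trusted domains (a constructed list here), and flags near misses and display names that borrow a trusted brand while the address lives elsewhere.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allowlist of the organisation's trusted sender domains (assumption).
TRUSTED_DOMAINS = {"example-corp.com", "bank-example.com"}

# ASCII digits and Cyrillic letters commonly used to mimic Latin glyphs.
# Digits are folded deliberately so that "examp1e" compares equal to "example".
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0443": "y",
})

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize_domain(domain: str) -> str:
    """Decode punycode labels, fold Unicode compatibility forms, map look-alikes."""
    try:
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # non-ASCII input: NFKC and the glyph map below handle it
    return unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)

def screen_sender(from_header: str) -> dict:
    """Classify a From: header as trusted, suspicious or unknown, with reasons."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return {"address": addr, "verdict": "trusted", "reasons": []}
    reasons = []
    norm = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == normalize_domain(trusted):
            reasons.append(f"look-alike characters mimic {trusted}")
        elif edit_distance(norm, trusted) <= 1:
            reasons.append(f"one edit away from {trusted}")
        # Display name invoking a trusted brand while the address is elsewhere.
        brand = trusted.rsplit(".", 1)[0].replace("-", " ")
        if brand in name.lower():
            reasons.append(f"display name invokes {brand!r} from an untrusted domain")
    return {"address": addr, "verdict": "suspicious" if reasons else "unknown", "reasons": reasons}
```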

3. Incorrect grammar or spelling

Targeted phishing messages may contain grammatical or spelling errors due to the incompetence or haste of the attackers. However, as time goes on, scammers become more sophisticated and can carefully craft emails with excellent grammar and spelling, which lends them greater credibility.

4. Suspicious attachments or links

Phishing emails may contain suspicious attachments or links that, when executed, can download and install malware or direct the recipient to fake websites where the attackers will attempt to steal the victim’s personal information. Attachments or links may be disguised as legitimate documents or web pages to mislead the recipient.

5. Unusual requests for information

Phishing emails often contain unusual requests for personal or sensitive information, such as passwords or personal or financial details. The e-mail may also ask the recipient to perform a task or take some action that is not characteristic of their official duties or usual behavior.

How does targeted phishing work?

Phishing uses email to manipulate emotions such as trust, fear, and curiosity to obtain valuable and confidential data or other important information.

Attackers usually research their targets in advance through social networks or additional publicly available information in order to create the most personalized phishing email that is most likely to actually fool the victim. Hackers can impersonate a representative of a respected organization or even a colleague, manager or executive of the targeted organization.

The phishing attempt will include a call to action similar to one of the following: clicking on a link, downloading an attachment, providing login credentials, or sending real-time payments.

Collection of information

Attackers typically gather information about their targets from a variety of sources, including:

  • Social Media: Attackers can use social media platforms such as VK, Instagram*, Facebook* and Twitter* to learn more about their targets’ personal and professional lives.

  • Online Research: Threat actors can conduct online research to learn information about their targets’ job titles, responsibilities, and companies they work for.

  • Email lists: Attackers can obtain email lists from data breaches, the dark web, or other sources to target specific people or organizations.

Executing an attack

Once the attackers gather enough information about their target, they will send an email that looks legitimate and trustworthy. Any of the methods described above can be used for this.

An email is then sent to the recipient. Let’s say the target falls for the scam and clicks on a malicious link or downloads an attachment.

In this case, the victim may inadvertently do any of the following:

  • install malware on their device;

  • provide confidential information to fraudsters;

  • give fraudsters access to protected systems.

Depending on the attackers’ goals, they can use the gained access to steal sensitive information (for example, financial data or personal information) or to install additional software. Such malware can help hackers maintain access, take complete control of the system, and launch more sophisticated attacks.

Types of targeted phishing attacks

Spear phishing attacks are usually carried out using emails or text messages, the latter also known as “Smishing” (SMS phishing). Below are some popular tactics that attackers commonly use to obtain data from their victims:

CEO fraud

So-called “executive fraud” is when attackers impersonate a high-level executive within a company, such as the CEO, or another person in a position of responsibility, in order to trick a target into taking a certain action, such as making a bank transfer or providing confidential information.

In a typical attack using this method, cybercriminals send an e-mail impersonating the aforementioned responsible person using a fake e-mail address that at first glance appears to be completely legitimate.

Such emails may use the urgency and importance tactics described earlier. Scammers can even use social engineering techniques to provide a plausible explanation for the request and ultimately exploit the victim’s trust.

Rank-and-file employees may often not question such requests, especially if they come from someone in a position of authority. As a result, attacks of this type can be very effective and cause significant financial damage to businesses.

Whaling

Whaling is a type of phishing that targets senior executives or individuals with access to highly confidential information; in other words, it is aimed at “big fish” or “whales”. Whaling attacks often require a high level of sophistication and advanced social engineering techniques to establish trust with the target.

For example, an attacker can conduct in-depth research into a target’s job duties, work history, and personal life to craft a personalized and persuasive email.

Successful whaling attacks are often very effective because senior executives have access to large sums of corporate money and particularly sensitive information. They may also be more vulnerable to these attacks because they often receive a large number of emails and therefore may not have enough time to examine them carefully.

BEC attacks

Business Email Compromise (BEC) is an attack in which threat actors use targeted phishing tactics to gain access to an organization’s email system and conduct further fraudulent activities. It usually involves the attackers compromising the email account of a company employee, be it an ordinary office clerk or a manager, and then impersonating them. That is, from a real, legitimate account, the criminals start communicating with the victim’s colleagues inside the company, distributing plausible phishing emails to them as well.

BEC attacks can also be highly effective. The US Federal Bureau of Investigation even called BEC a “$43 billion fraud”, citing statistics of incidents reported to the Internet Crime Complaint Center between 2016 and 2021.

Palo Alto Networks Unit 42 researchers also found in 2021 that 89% of organizations affected by BEC attacks did not implement multi-factor authentication or follow email security guidelines.

Brand spoofing

Brand spoofing is a type of targeted phishing attack where attackers impersonate a well-known brand or organization in order to trick the target into providing sensitive information. Such attacks often involve creating a fake website or email that appears to be from a legitimate source, using logos, branding, and other details to make the attack look authentic.

Impersonation attacks can take many forms, including:

  • Fake login pages: Criminals create a fake login page that looks like a legitimate brand’s website, often using similar colors, fonts, and logos to make it look authentic. In this way, the target is tricked into entering their login credentials, which the criminals then successfully intercept.

  • Phishing emails: The victim is sent a phishing email purporting to be from a legitimate brand, also using the company’s logo and other branding elements. The email may request the target user to follow a link or provide sensitive information such as login credentials or financial information. Of course, hackers somehow justify these manipulations, so they do not arouse much suspicion on the part of the victim.

  • Malware: Criminals create a malicious app or mobile website that pretends to belong to a legitimate brand. The app or website may request access to sensitive information or contain malware that steals data from the target’s device.

Collection of credentials

Attackers trick users into revealing their credentials for accounts or sensitive data by impersonating a reputable organization or service.

In a credential harvesting attack, fraudsters often send fake emails or create a fake website pretending to be a legitimate organization (such as a bank or social media platform).

The hacker then asks the user for login details. Credential harvesting attacks can take many forms, including phishing emails, fake websites, or malware.


Clone phishing

In this attack, attackers usually obtain a legitimate email that was sent to the target in the past. They then create an almost exact copy of that email and resend it from their own address, often using the same branding and layout, but with a few key differences. For example, hackers can change the sender’s email address, the links in the email, or the attachments to malicious ones.
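
An added example, not part of the original article, of how a mail filter or analyst can check a suspected clone against the earlier legitimate message. Both messages below are constructed samples; the comparison reports the altered sender, any link hosts or attachment names absent from the original, and a reused subject line.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample: a legitimate notification the target received earlier.
ORIGINAL = """From: "Example Corp Billing" <billing@example-corp.com>
Subject: Your September invoice
Content-Type: text/plain

Hello, your invoice is ready at https://portal.example-corp.com/invoices/1182
"""

# Constructed sample: the same message resent by an attacker with key fields swapped.
CLONE = """From: "Example Corp Billing" <billing@example-corp-billing.com>
Subject: Your September invoice
Content-Type: text/plain

Hello, your invoice is ready at https://portal.example-corp.com.invoices-login.net/1182
"""

def extract(raw: str) -> dict:
    """Pull out the fields a clone usually alters: sender, link hosts, attachment names."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    bodies = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    text = "\n".join(b.decode("utf-8", "replace") for b in bodies)
    return {
        "sender": sender.lower(),
        "subject": msg.get("Subject", ""),
        "hosts": {urlparse(u).hostname for u in URL_RE.findall(text)} - {None},
        "attachments": {p.get_filename() for p in msg.walk() if p.get_filename()},
    }

def compare_with_original(original: str, suspect: str) -> list:
    """List the differences between a known-good message and a suspected clone."""
    a, b = extract(original), extract(suspect)
    findings = []
    if a["sender"] != b["sender"]:
        findings.append(f"sender changed: {a['sender']} -> {b['sender']}")
    for host in sorted(b["hosts"] - a["hosts"]):
        findings.append(f"link host not in original: {host}")
    for name in sorted(b["attachments"] - a["attachments"]):
        findings.append(f"attachment not in original: {name}")
    if findings and a["subject"] == b["subject"]:
        findings.append("identical subject to an earlier message: likely clone")
    return findings
```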

Delivery of malicious programs

Some phishing attacks may use malware to gain unauthorized access to sensitive information or to cause additional damage to computer systems. Malware can take many forms, including ransomware, spyware, and botnets. Malware is often delivered via email attachments or malicious links on fake websites.

How to protect yourself from targeted phishing?

There are several ways that individuals and organizations can protect themselves from targeted phishing attacks.

1. Training and awareness of employees

It is very important to provide employees with security training on the risks of phishing attacks, and on how to recognize suspicious e-mails and respond to them correctly.

Training should cover:

  • Guidelines for screening email senders.

  • Detection of suspicious links and attachments.

  • Reporting suspicious emails to IT professionals or security staff.

2. Implementation of advanced security methods

Strong security measures such as multi-factor authentication, network segmentation, firewalls and intrusion detection systems can help prevent unauthorized access to sensitive information and systems.

3. Use of specialized anti-phishing software

Anti-phishing software can help detect and block suspicious emails, links and attachments before they reach users’ mailboxes.

4. Regular data backup

Regularly backing up critical data will help mitigate the effects of a successful targeted phishing attack. In the event of a hack or ransomware attack, having backups can help quickly restore important data and employee productivity.

5. Follow cyber security news

Keeping abreast of the latest security news and trends can help individuals within an organization stay on top of threats and vulnerabilities. This information can be used to guide the implementation of security measures and to protect against targeted phishing.

What to do if you are a victim of targeted phishing

If you suddenly become the victim of a targeted phishing attack, it’s important to act quickly to minimize any damage.

Here are some steps to take:

  • Report the incident. Notify your IT and security services immediately. They can help assess the extent of damage and take appropriate steps to prevent further attacks.

  • Change your passwords. If you have shared your login credentials with attackers, immediately change your passwords for any accounts that may have been compromised.

  • Notify management and others affected. Notify any other employees who may also be affected by the attack and data breach. Use a channel other than the compromised email account to contact them.

  • Keep an eye on your accounts. Review your accounts and continue to monitor them for any suspicious activity or unauthorized access. If you find anything, report it to security and take steps to protect your accounts.


Targeted phishing is designed to trick victims into revealing confidential information or infecting computer systems with malicious software. It’s important to be vigilant and scrutinize all incoming emails, especially those that ask for sensitive information or just seem suspicious.

Remember that targeted phishing attacks are often very sophisticated and quite difficult to detect. To protect yourself, it’s important to treat any email that asks for sensitive information with caution, even if you think it’s from a trusted source.

Double-check the email address, be wary of unsolicited attachments or links, and if in doubt, contact the intended sender via another communication channel to confirm the request.

Additionally, keeping the security software on your organization’s computers up-to-date can help protect against the many malicious activities that such emails can deliver.
