
Spear Phishing

Definition

Spear phishing is a targeted form of phishing where attackers tailor their attack to a specific individual or organisation. Unlike generic phishing, the message is personalised with specific information about the target.

Spear phishing is a targeted form of phishing in which attackers craft messages tailored to a specific individual or organisation, achieving success rates up to 53% higher than generic phishing campaigns according to Barracuda Networks research.

How does spear phishing work?

In a spear phishing attack, the adversary first invests time in reconnaissance about the target. Using LinkedIn, social media, corporate websites and public records, they build a profile covering job title, colleagues, ongoing projects, suppliers and communication style. With this intelligence, the attacker crafts a convincing message that appears to come from a trusted colleague, manager or business partner. The message typically includes specific context that makes it credible, such as a reference to a recent project or an outstanding invoice. Modern attackers leverage AI tools to make these messages even more convincing and error-free.

Types of spear phishing

Whaling specifically targets C-level executives and board members, often involving requests for large financial transactions. Clone phishing copies a previously legitimate email and replaces the attachment or link with a malicious variant. Lateral spear phishing occurs from an already compromised internal email account, making the message particularly credible. Business Email Compromise (BEC) combines spear phishing with social engineering for fraudulent payment requests.

Impact on organisations

Spear phishing is the most common initial attack vector in targeted attacks on organisations. The Verizon DBIR 2024 shows that targeted phishing is involved in over 70% of all successful corporate network breaches. The average financial damage from a successful spear phishing attack amounts to hundreds of thousands of euros, excluding reputational damage and legal costs. Under NIS2, organisations are required to demonstrably train employees to recognise targeted phishing. DORA sets comparable requirements for financial institutions. National cybersecurity centres warn that European organisations are increasingly targeted by sophisticated spear phishing campaigns from state-sponsored actors.

Protection against spear phishing

Effective protection combines technical and human measures. Technical: advanced email filtering with AI-based detection, DMARC/DKIM/SPF configuration, attachment sandboxing and URL rewriting. MFA on all accounts prevents stolen credentials from being immediately usable. Organisational: regular spear phishing simulations targeting specific departments and roles, verification procedures for financial transactions and sensitive requests, and a culture where employees feel safe reporting suspicious messages. Least privilege principles limit damage if an account is compromised.
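As an added example (not DEFION's own code), the following Python checks whether a domain's DMARC record, one of the technical measures listed above, actually enforces rejection of mail that spoofs the sender domain, or merely monitors it. The two records are constructed samples for example.com, not any real domain's configuration.

```python
"""Assess a DMARC TXT record for the policy strength that stops sender-domain
spoofing. The records at the bottom are constructed samples, not real data."""


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a lowercase-key tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> dict:
    """Return the effective policy and a list of weaknesses a defender should fix."""
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("missing or invalid v=DMARC1 tag; receivers ignore the record")
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam instead of rejecting it")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("pct is not a number; receivers fall back to 100")
    if pct < 100:
        findings.append(f"pct={pct}: policy is applied to only {pct}% of messages")
    sub = tags.get("sp", policy).lower()  # sp defaults to the organisational policy
    if sub == "none":
        findings.append("subdomains are unprotected (sp=none); lookalike subdomains can be spoofed")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports that reveal spoofing are never received")
    enforced = policy == "reject" and pct == 100 and sub == "reject"
    return {"policy": policy, "pct": pct, "subdomain_policy": sub,
            "enforced": enforced, "findings": findings}


# Constructed sample records: a monitoring-only record beside an enforcing one.
WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
          "rua=mailto:dmarc@example.com")

if __name__ == "__main__":
    for label, rec in (("weak", WEAK), ("strong", STRONG)):
        result = assess_dmarc(rec)
        print(label, "enforced" if result["enforced"] else "NOT enforced", result["findings"])
```

In practice the record comes from a DNS TXT lookup of `_dmarc.<domain>`; the same assessment applies to the records of suppliers and partners whose domains appear in the organisation's invoice workflows.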

How DEFION helps

DEFION conducts targeted spear phishing simulations as part of Security Awareness Masterclasses and Red Teaming engagements. The Email Risk Assessment reveals how vulnerable an organisation is to targeted email attacks. In the event of a successful attack, the 24/7 incident response team is immediately available.

Related terms

Phishing, Social Engineering, OSINT