Overview
Direct Answer
Spear phishing is a highly targeted social engineering attack that uses personalised deceptive communications to manipulate specific individuals, teams, or organisations into disclosing sensitive information or granting system access. Unlike mass phishing campaigns, it exploits reconnaissance data about the victim to increase credibility and success rates.
How It Works
Attackers conduct detailed research on targets using public sources such as LinkedIn, company websites, and social media to gather names, roles, relationships, and business activities. They then craft messages that impersonate trusted contacts or organisations, referencing specific details that lower recipient suspicion and increase the likelihood of credential theft, malware installation, or wire fraud. The personalised nature of these communications makes them significantly harder to detect through automated filtering systems.
Why It Matters
Spear phishing poses substantial financial and reputational risk to organisations and often serves as the initial vector for data breaches, ransomware deployment, and the facilitation of insider threats. Regulatory compliance frameworks including GDPR and NIS2 require demonstrable security controls against such targeted attacks, making employee training and detection infrastructure critical investments.
Common Applications
Financial institutions face attacks targeting treasury and procurement staff to authorise fraudulent transfers. Healthcare organisations experience campaigns impersonating administrative personnel to access patient records. Enterprise security teams frequently observe phishing targeting executives and system administrators to compromise privileged accounts.
Key Considerations
Detection remains challenging because legitimate business communication patterns are exploited; organisational context and relationship verification become essential defences rather than purely technical controls. No single defensive mechanism addresses this threat comprehensively.
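The impersonation of trusted contacts described under How It Works, and the relationship verification named above, can be turned into a concrete inbound-mail check. The following is an added example, not code from the original page: it assumes a constructed directory of trusted contacts (hypothetical names and domains) and a per-message "first contact" flag supplied by the mail system, and flags a message whose display name belongs to a known contact but whose sender domain is either a lookalike of, or unrelated to, that contact's genuine domain.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed directory of trusted contacts: display name -> the domain that
# person or organisation legitimately sends from. Names and domains are hypothetical.
TRUSTED_CONTACTS = {
    "Dana Whitfield": "example-corp.com",          # hypothetical CFO
    "Acme Payments Support": "acme-payments.com",  # hypothetical vendor
}

LOOKALIKE_THRESHOLD = 0.8  # similarity above which a foreign domain is treated as a lookalike

def parse_from(header):
    """Split a From: header into (display_name, local_part, domain)."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        raise ValueError(f"unparseable From header: {header!r}")
    local, domain = addr.rsplit("@", 1)
    return name.strip(), local, domain.lower()

def assess(from_header, first_contact):
    """Return the reasons a message looks like impersonation of a trusted contact.

    first_contact is True when the recipient has never exchanged mail with this
    exact sender address; that is the relationship-verification signal.
    """
    name, _local, domain = parse_from(from_header)
    reasons = []
    trusted = TRUSTED_CONTACTS.get(name)
    if trusted is None or domain == trusted:
        return reasons  # unknown name, or the contact's genuine domain
    similarity = SequenceMatcher(None, domain, trusted).ratio()
    if similarity >= LOOKALIKE_THRESHOLD:
        reasons.append(f"lookalike domain {domain!r} for trusted contact {name!r} ({trusted})")
    else:
        reasons.append(f"display name of trusted contact {name!r} but unrelated domain {domain!r}")
    if first_contact:
        reasons.append("first contact from this address while using a known contact's name")
    return reasons

# Constructed inbound From: headers paired with a first-contact flag.
SAMPLE_MESSAGES = [
    ('"Dana Whitfield" <dana.whitfield@example-corp.com>', False),
    ('"Dana Whitfield" <dana.whitfield@examp1e-corp.com>', True),
    ('Dana Whitfield <d.whitfield@freemail.example>', True),
    ('"Acme Payments Support" <support@acme-payments.com>', False),
]

def triage(messages=SAMPLE_MESSAGES):
    """Map each From: header to its list of impersonation indicators (empty = no finding)."""
    return {header: assess(header, first_contact) for header, first_contact in messages}
```

Findings like these are a prompt for out-of-band verification with the named contact, not a verdict; a genuine colleague writing from a new personal address will trip the same check.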