Spear Phishing: A Beginner’s Guide in 6 Easy Points


Spear phishing has become a severe issue in the online world. It is a targeted attack in which sensitive details, such as the financial information and credentials of online users, are stolen for malicious reasons. Most of the time, the attack is aimed at friends and loved ones whose financial details are well known to the attacker. People who commonly fall victim to these attacks are employers, hometown friends, buddies, and colleagues.

Likewise, the attack is carried out on people who have recently bought from online stores. Many times, the attacker appears to be a trustworthy friend, which makes it easier to gather details from the victim. According to a recent study, more than 91% of online attacks are carried out on known victims, mainly because it is easier to acquire financial and confidential information from them.

  1. Spear Phishing Meaning
  2. Spear Phishing Attack
  3. How businesses get targeted?
  4. Examples
  5. SP Mail
  6. Tips to avoid SP attacks

1. Spear Phishing Meaning

Spear Phishing is often mistaken for a Phishing attack. Why? Both of these attacks focus on acquiring information from users. By definition, phishing tricks online users and makes them share sensitive information like credit cards, usernames, and passwords. Phishing and spear-phishing are both done for malicious reasons. Here phone calls, social media, and emails are used to target victims. In fact, text messages are also used to make contact with the victim. When text messages are used, the attack is known as “SMS Phishing, or smishing”. And, when phone calls are used, the attack is known as “voice phishing, or vishing”.

2. Spear Phishing Attack

So, how does the spear-phishing attack work?

Most of the time, people consider the spear-phishing attack a simple one! However, the complexity of this attack has changed drastically in the past few years. To begin with, the attackers focus on the personal information of victims who are online. They tend to focus on individual profiles as they browse through social networking sites. When they visit a profile, they look for the friends list, email address, and geographic location of the victim. They also look for posts that mention the gadgets and technological devices bought by the victim.

When these details are acquired, the attacker starts to pretend to be a familiar person or friend. Soon, they draft a compelling message, which is undoubtedly a fraudulent one. This fraudulent message is sent to the victim. It is drafted with the utmost care so that it is as convincing as possible.

The above message is believed to have very high rates of success. The attacker uses a carefully chosen list of words, to specify the urgency of the message and why the sensitive information needs to be shared at the earliest. Once the victim comes across this message, they are forced to open a link or attachment. These attachments and links are malicious. They redirect to a spoofed site, which is where the victim’s PINs, access codes, and passwords are asked. 

The malicious site may also request the usernames and passwords of various social networking sites. These credentials are then used to access your photographs and other personal information. Most of the time, the data is used to extract sensitive information like Social Security Numbers and credit card details.

Most of the time, the above details are used by the attackers to create a “brand” new identity. With this identity, they create bank accounts. Thus, funds and other critical resources of the victim are exposed. 

3. How businesses get targeted?

Businesses are targeted by attackers in three different ways. 

  • Display Name Spoofing is a standard method, where the sender’s (victim) name is impersonated over the email address. This is extremely effective. Why? Online users have the tendency of relying on senders who have their “name” imprinted on the email. This often works because many clients tend to view only the sender’s name and not their email address.
  • Domain spoofing is a sophisticated form of attack. Here, the spear phisher spoofs an email address so that it looks like a trusted one. Victims need to use a Secure Policy Framework to differentiate these emails from the original ones.
  • Cousin Domain is another type of spear-phishing attack. Here, a cousin email address is created. This email address looks like a real, legitimate one but with small changes. A few years ago, these email addresses were relatively easy to identify. However, attempts have become much more advanced in the past few years. Today, they are more sophisticated and harder to spot.
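
A defender can check the From header for the first and third patterns above. The sketch below is an added example, not code from the original article: the trusted domain, the staff directory and the sample headers are constructed, and the distance threshold of 2 is an assumption to tune. Exact-domain spoofing cannot be seen in the From header alone and is not covered.

```python
from email.utils import parseaddr

# Constructed allow-list and staff directory; replace with your organisation's data.
TRUSTED_DOMAINS = {"example.com"}
KNOWN_SENDERS = {"alice tan": "alice.tan@example.com"}

# Common look-alike digits folded to letters before comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalise(domain):
    """Fold case and look-alike characters ('rn' reads as 'm')."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")

def classify(from_header):
    """Return the findings for one From: header value."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # Display name spoofing: a known person's name on an unexpected address.
    expected = KNOWN_SENDERS.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        findings.append("display-name-spoof")
    # Cousin domain: not trusted, yet within 2 edits of a trusted domain.
    if domain not in TRUSTED_DOMAINS:
        folded = normalise(domain)
        if any(edit_distance(folded, normalise(t)) <= 2 for t in TRUSTED_DOMAINS):
            findings.append("cousin-domain")
    return findings

# Constructed sample headers.
SAMPLES = [
    '"Alice Tan" <alice.tan@example.com>',
    '"Alice Tan" <alice.tan.ceo@gmail.test>',
    '"Alice Tan" <alice.tan@examp1e.com>',
    "billing@exampel.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify(header) or "ok")
```

Short trusted domains produce more false positives at a fixed distance threshold, so review hits before blocking on them.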

4. Examples

Tricking people on the internet is no longer rocket science. Over time, strategies have evolved. Today, these are some of the well-honed methods for attacking online users. Gift card requests involve hacking into employee accounts and prompting employees to buy multiple gift cards. The employees are given codes that they are encouraged to use, along with their financial details.

Direct Deposit changes are also a famous scam. Here, the hacker poses as an official employee of the company and emails the HR assistant for a direct deposit into their bank account.

Wire transfer requests are believed to be the most expensive form of attack. Here, a business email compromise happens where the hacker acts as an executive and recommends an immediate fund transfer by wire. In the past few years, several million dollars have been involved in these attacks.

Finally, you have the ordinary W2 Spear phishing attacks. The attack sends multiple executive emails to the HR department. These emails request the department to share an employee’s W2 or US tax form with tax and earning details. During stressful tax periods, the HR department often falls for these attacks and shares crucial employee details. 

5. SP Mail

The emails used in spear phishing are heavily targeted. This means the mails will differ from one person to another, and from one organization to another. One reason behind these variations is that any uniformity would raise the alarm among online users. These emails always convey a sense of urgency. This is what makes the SP Mail different from the rest. Whether it is changing a password, opening an attachment, or accessing an account in the cloud, SP mails are designed to instill urgency and prompt quick action. Yet, all of these details will be conveyed in a language that is familiar to the victim.

6. Tips to avoid SP attacks

Multiple steps need to be taken to avoid spear-phishing attacks. To begin with, you need to focus on the traditional forms of email defense. This is where you need to block IP addresses and URLs that belong to less-reputed sources. Reputation is a simple way of judging the authenticity of senders. Reputation-based filters can be used to separate bad senders from good ones and block them. Next, you have signature-based blocks that can be used to stop emails, links, and communication with malicious senders.

Sandboxing is an effective way of countering spear-phishing attacks. Here, a controlled environment is created to ensure that emails with links and attachments are validated before they reach the mailboxes of potential recipients.


Finally, you can use a secure email gateway to control the flow of emails. In this method, both signature-based and reputation-based detection are utilized. The Secure Email Gateway (SEG) is located outside the architecture of complicated programs like the Microsoft 365 Architecture.
