Spear Phishing
A targeted phishing attack customized with personal details to deceive a specific individual or organization.
Full Definition
Spear phishing is a highly targeted form of phishing in which the attacker crafts personalized messages using specific information about the target — their name, role, colleagues, ongoing projects, or recent activities — to make the deception more convincing. Unlike bulk phishing, spear phishing sacrifices scale for precision.\n\nThe personalization data required for effective spear phishing is often sourced from LinkedIn, company websites, previous data breaches, and OSINT techniques. When a target's professional profile, email address, employer, and manager's name are all available in a breached dataset, the attacker has everything needed to craft a highly credible attack.\n\nSpear phishing is the most common initial access vector used by APT groups. It is used to deliver malware, harvest credentials, and gain footholds for longer-term campaigns. Executive targeting (whaling) is a high-stakes variant aimed at C-suite members.
Related Terms
Phishing
A social engineering attack using deceptive emails or messages to steal credentials or deliver malware.
Attack TypesSocial Engineering
Psychological manipulation of people into performing actions or divulging confidential information.
Attack TypesBusiness Email Compromise (BEC)
A social engineering attack that impersonates executives or vendors to authorize fraudulent transactions.
Attack TypesAdvanced Persistent Threat (APT)
A prolonged, targeted cyberattack by a sophisticated, often state-sponsored threat actor.
Threat ActorsMonitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.