What Exactly Is Spear Phishing?

Not all phishes were created equal.

Spear phishing is a variation on phishing, the more commonly known scam of extracting information that would be useful to someone who is trying to rip you off.

This type of phishing uses familiarity to trick its victims into handing over their personal details or confidential account information.

Typically, spear phishing begins with the all too familiar email from the credit card company or bank.



The email’s contents may vary, but in essence it will always state some reason why the victim needs to urgently log in to their account, perhaps to change their password or to update their details.

I’m sure you’ve received a good few of these emails; I know I have.

What would you do, however, if such an email was actually addressed to you and came from someone you knew and trusted?

There’s a chance, and the scammer relies on this, that you would click on the link in the email to find out what it is all about.

If you do, you’ve been phished!


Spear phishing extracts important information from its victims via manipulation, a technique known as ‘social engineering’.

The weakest link in computer security has nothing to do with machines; it’s the users of them.

Taking that into account, social engineering takes advantage of a human’s tendency to believe anything that they are told by a source that they trust.

Phishing schemes are always evolving and becoming cleverer and more complex as those behind them realise that targeted email campaigns work significantly better than randomly issued phishing attempts.


The relative success of spear phishing means, unfortunately, that such attempts are gaining in frequency.

If you haven’t been on the end of a craftily deceptive email yet then there’s a good chance you soon will be.

Whilst spear phishing attempts may be harder to spot than standard phishing scams, they are just as easily avoided with the application of a little common sense.

Therefore, you should always remember to never click any links contained within emails that lead to banking or other financial web pages and you certainly shouldn’t be entering any information whatsoever if you click on one by mistake.

If you follow that simple piece of advice then the chances of you being phished are virtually nil.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. Sometimes they find email addresses by crawling the web, sometimes by buying mailing lists and sometimes by guessing.

  2. I must get a dozen emails a day that try and trick me into giving out info I don’t wanna give. How do these people get my email address?
