
Spear phishing: What is it, and can you protect your organization from it?

Threat actors rely on many types of cyberattacks. Some involve sending large numbers of messages to email addresses at random and hoping for a response from a few of them. Meanwhile, others focus on the quality of the messages and tailor their content to target someone specific. These attack types vary based on the end goal that the threat actor is aiming to achieve. 

While tailoring messages requires extra effort from attackers, the ease and availability of AI tools make cyber threats easy to create and disseminate. In fact, 74% of IT personnel have reported that AI is a major challenge in combating threats. This shift in the cyber threat landscape calls for an equally major shift in a company's security policies.

One of the threats that continues to be successful because of AI—despite advanced security systems—is spear phishing. In this article, we'll take you through the basics of spear phishing, how to identify spear phishing attacks, and ways to protect your organization from these attacks. 

What is spear phishing?

Spear phishing is a type of phishing attack in which threat actors design their attack email with a specific individual or organization as the target. Instead of sending emails in bulk, they design each email for a specific target, which increases the likelihood of a successful attack.

To design and propagate a spear phishing attack, threat actors make use of tools such as social media, public profiles of employees or the company, and website information to get sufficient details about who they're targeting. This helps them plan an attack that captures the target’s attention while nudging them into believing that the email’s source is legitimate.

The end goal of these attacks is most commonly to get the target to share sensitive information such as account credentials, financial statements, or credit card numbers; to install malicious software that can spy on the target; or to nudge the target into a money transfer.

The difference between phishing and spear phishing

The main difference between phishing and spear phishing is quantity vs. quality. Attackers who send phishing emails focus on sending a high volume of emails in the hope that a few people take the bait and help them further their attack. However, due to their highly targeted nature and the amount of research that goes into the emails, spear phishing emails are fewer in number but more effective. 

To better illustrate the difference, here are two real-world examples.

An example of phishing

In 2019, threat actors sent emails impersonating a Netflix email address. They copied the email template used by Netflix for their customer communication and created an email using a similar design and content. They impersonated the Netflix domain, which made users fall prey to the email. 

Users across the globe received emails faking multiple scenarios. Some mentioned that their previous payment hadn't gone through and that the payment information needed updating. They were told that their account would be suspended if they failed to update the information. Fearing an account block, multiple users took action and faced financial losses. 

Many users received these emails. While the attackers targeted leaked email addresses of Netflix users, emails were also sent to other non-subscribers, making this a phishing attack.

An example of spear phishing

Ubiquiti, a tech company, suffered a spear phishing attack in which it lost millions. Threat actors conducted extensive research into the company's employees. They looked into the payment approval processes that the company follows and impersonated a top-level executive of the company.

It remains unclear whether the email came from a spoofed address or whether the executive's actual account was compromised. However, the email targeted the finance team member who had access to perform high-level transactions in the company. Believing the email to be from their own company, the finance team performed the requested money transfer. The company reported about $46.7 million in losses, only a small amount of which could be recovered.

In this attack, threat actors conducted extensive research into the company's practices and crafted the attack in a way that got past their defenses. It was also designed with Ubiquiti as the target. The targeted nature of this attack makes it a spear phishing attack. 

Why are spear phishing attacks so effective?

Companies are increasingly adopting advanced email security measures to keep email threats at bay. However, spear phishing continues to be one threat that evades most security measures. According to U.K.-based AAG, 65% of known hacker groups use spear phishing attacks because they're so effective. This is attributed to several factors. 

Trusted sender: Most commonly, the threat actor impersonates a known brand or a high-ranking employee within the company. If the email appears to originate from a trusted brand such as Amazon, Netflix, or Microsoft, users are more likely to take the requested action. Similarly, if the email appears to be from someone well-known in the company, the inherent trust placed in the sender nudges them to act on the email.

Contextual nature: Spear phishing attacks involve a lot of research and effort on the attacker's part. They put in work to tailor the attack email to suit the context of the company or the individual they're targeting. When someone receives an email mentioning company processes or details that are usually known only to company members, there's little room to suspect an external sender.

Social engineering tactics: Like most cyber threat emails, spear phishing attacks deploy tactics to induce fear and anxiety. They use a tone that creates a sense of urgency and psychologically manipulates victims into taking immediate action without doing due diligence. There's also an undertone of authority, which creates the feeling that the target must heed the request immediately.

Realistic scenarios: Because of the amount of research that goes into the attack, threat actors create scenarios that seem realistic. By scouring social media or LinkedIn profiles of employees, they get an idea of the company's practices. For example, if they know that the company is in partnership with a certain vendor, they might use a pending payment to the vendor as the basis of the email they're drafting. This convinces the recipient that the email is genuine. 

The impact of spear phishing attacks

A successful spear phishing attack leads to a series of consequences. Understanding the possible aftermath and educating your employees will help you enhance your cybersecurity measures with more conviction. 

Most cybercriminals are looking for an immediate payout after their attack because they want to avoid detection. These emails often have a financial motive at their core, leading to huge financial losses for the company. Other times, the threat actor may be after sensitive proprietary data that would be of high value to competitors. They may want to steal such important data to sell it outside. Sometimes, the threat actor may attempt to inject malware into the company's system through a malicious attachment download. 

In certain advanced attacks, the threat actor aims to monitor a company's activities while avoiding any detection of the breach. In such cases, they stay on the company's network without drawing attention. These are called advanced persistent threats (APTs). This technique is used in attacks planned with a long-term goal, such as collecting highly sensitive data over a prolonged period.

How to identify a spear phishing email

If you find a spear phishing email in your mailbox, identifying and reporting it is the best course of action. Here are some checks that can help you determine the nature of the email.

Verify the sender details

The legitimacy of any email is directly related to its sender. On a basic level, every recipient must check the sender details to ensure they're genuine. This includes verifying the username, the sender domain, and the full email address. It's important to check for typos and to check whether the domain name closely resembles, but doesn't match, the legitimate domain. The email's return path tells you where replies and bounces will be routed; it should match the apparent sender.

Check the subject line

The subject line of a phishing attempt is usually pushy, with an urgent or alarming undertone. Some examples include “Immediate action needed”, “Payment failed and account blocked”, and “Process vendor payment immediately”. Most genuine emails try to convey their intent without alarming the recipient. Moreover, vendors provide a grace period before canceling an account, even if there is a payment issue. Such alarming subject lines should be approached with caution.

Read through the content

In spear phishing emails, the content tries to reference the internal workings of the company to establish a sense of familiarity. If there's something suspicious about the content, be wary. Also, if you receive a payment failure or password reset email from a provider that you didn't request, visit the provider's website directly to check. The website will have accurate information, even if the email seems suspicious. If the website shows the same pending action, you can proceed with it.

While merely opening a spear phishing email isn't dangerous by itself, it's vital that you don't click on any links or open any attachments. Replying to the email with sensitive details could also lead to a data breach or leak. If the email carries an unsolicited attachment, don't open it. Similarly, hover over links to see whether the destination seems legitimate and the URL doesn't contain any typos. This will help you be sure before revealing any sensitive details.
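The sender, subject, and link checks described above can be applied mechanically to a raw message before a human ever reads it. The script below is an added example, not eProtect or Zoho code: it parses a message with Python's standard library, compares the From domain against a trusted-domain list for lookalikes, checks that Reply-To and Return-Path align with the From domain, looks for urgency phrases in the subject, reads the SPF/DKIM/DMARC verdicts that the receiving mail server recorded in the Authentication-Results header, and compares the URL shown in each link against the URL it actually points to. The trusted domains, the urgency phrases, and both sample messages are constructed for this example.

```python
# Added example (not eProtect/Zoho code): a small triage script that applies the
# sender, subject, and link checks to a raw email message. TRUSTED_DOMAINS,
# URGENCY_PHRASES and both sample messages are constructed assumptions.
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("example.com", "netflix.com")
URGENCY_PHRASES = ("immediate action", "account blocked", "payment failed", "immediately", "urgent")


def domain_of(header_value):
    """Lower-cased domain of an address header (From, Reply-To, Return-Path)."""
    _, address = parseaddr(str(header_value or ""))
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 or 2 between domains is a lookalike signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return None  # the real domain or one of its subdomains
    for t in trusted:
        # Heuristics: near-identical spelling, or the brand label embedded in another domain
        if edit_distance(domain, t) <= 2 or t.split(".")[0] in domain:
            return t
    return None


def triage(raw_message):
    """Return a list of findings; an empty list means none of the checks fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    # 1. Sender details: lookalike domain, and alignment of From with Reply-To / Return-Path
    sender = domain_of(msg["From"])
    if (t := lookalike_of(sender)):
        findings.append(f"sender domain {sender} resembles trusted domain {t}")
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg[header])
        if other and other != sender:
            findings.append(f"{header} domain {other} differs from From domain {sender}")
    # 2. Subject line: manufactured urgency
    subject = str(msg["Subject"] or "").lower()
    for phrase in URGENCY_PHRASES:
        if phrase in subject:
            findings.append(f"subject uses urgency phrase '{phrase}'")
            break
    # 3. Sender authentication verdicts recorded by the receiving mail server
    auth = str(msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check} result is {m.group(1)}")
    # 4. Links: displayed URL vs. real destination, and lookalike destination hosts
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", re.sub(r"<[^>]+>", "", text).strip(), re.I)
        if shown and shown.group(1).lower() != href_host:
            findings.append(f"link text shows {shown.group(1).lower()} but points to {href_host}")
        if (t := lookalike_of(href_host)):
            findings.append(f"link host {href_host} resembles trusted domain {t}")
    return findings


# Constructed sample: a vendor-payment lure from a lookalike domain.
SAMPLE_MESSAGE = """\
From: "Finance Director" <director@examp1e.com>
Reply-To: payments@mail-examp1e.net
Return-Path: <bounce@mail-examp1e.net>
To: accounts@example.com
Subject: Immediate action needed: process vendor payment
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-examp1e.net; dkim=none; dmarc=fail header.from=examp1e.com
Content-Type: text/html; charset=utf-8

<p>Please wire the pending vendor payment today.</p>
<a href="http://login.examp1e.net/pay">https://portal.example.com/payments</a>
"""

# Constructed sample: a legitimate notification from the real domain.
CLEAN_MESSAGE = """\
From: alerts@example.com
Return-Path: <bounce@example.com>
To: accounts@example.com
Subject: Your monthly statement is ready
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/html; charset=utf-8

<a href="https://portal.example.com/statements">https://portal.example.com/statements</a>
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(f"{label}: {triage(raw) or ['no findings']}")
```

The lookalike heuristic is deliberately loose (edit distance of two or the brand label inside another domain), so it should feed a review queue rather than block mail on its own; the header-alignment and Authentication-Results checks are the ones that most reliably separate a spoofed sender from a legitimate one.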

Attain further confirmation

If you're suspicious about an email but still can't verify its legitimacy, clarify the purpose of the email through a different medium. Call, message, or meet the sender in person to confirm the request. It's possible that only the sender's email account has been hacked or impersonated. Confirming through another medium alerts them to the breach while verifying the nature of the request.

How to protect your business from spear phishing attacks

Even though spear phishing emails have become increasingly successful in recent years, educating your employees about the possible indicators of such emails and adopting a security-first approach can help combat them. Here are some guidelines to follow.

Avoid oversharing information

Issue a company-wide policy that employees may not share too much information about their professional life and their work in the organization. Employees should not share important client details on social media or professional platforms like LinkedIn, though they can freely share basic details about the project they're working on. Employees should also be aware that they must not take personal photos in sensitive areas of the company and post them on social media, as this could lead to unintended data leaks.

Conduct security awareness training

Employees can only protect themselves and their organization from what they know is unsafe. Conduct training for your employees about the latest cyber threats. Bring in a security expert who can illustrate these threats with real-life examples to ensure employees have all the necessary information. This training should also be part of orientation for new employees to ensure they don't become the target of the next attack.

Educate employees about the possible indicators

Every spear phishing email has certain indicators. While not all of them can be detected by the human eye, being able to spot what's amiss helps ensure better security. Train your employees to identify these emails and assess how aware they are through regular phishing simulations. Based on the results, you can conduct further training for selected employees if required. Also make sure you have clear processes in place for employees to report a malicious email.

Update software regularly

Threat actors keep looking for ways to penetrate an organization's defenses. A single vulnerability in a piece of software used by your company is all that's needed. While picking software solutions for your company's needs, have your IT team perform the necessary checks to ensure the vendors' security standards are in line with yours. If an application issues an update with patches or bug fixes, it may be fixing a security vulnerability. Therefore, instruct your employees to apply software updates promptly.

Provide role-based access

Threat actors most often focus on extracting money from their targets, and in an organizational context the payments requested in spear phishing attacks are large. Therefore, ensure that any payment request has to pass through multiple levels of approval. Also make sure that only select employees have permission to perform high-level actions such as vendor payments or sharing sensitive information. Provide sufficient training and access restrictions to employees who can perform these actions.
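Multiple approval levels and restricted permissions are only effective if the approval logic itself enforces them: the requester must not be able to approve their own request, the same approver must not count twice, and only users holding an approver role may sign off. The policy check below is an added example, not eProtect or Zoho code, showing one way to encode those rules; the approval tiers, role names, users, and vendor list are constructed assumptions.

```python
# Added example (not eProtect/Zoho code): a minimal approval policy for payment
# requests enforcing tiered multi-level approval, separation of duties, and
# role-based permission to approve. Tiers, roles, users and vendors are constructed.
from dataclasses import dataclass, field

# Payments up to each limit need this many distinct approvals;
# anything above the last tier needs one more than the last tier.
APPROVAL_TIERS = ((10_000, 1), (100_000, 2))
APPROVER_ROLES = {"finance_manager", "cfo"}  # only these roles may approve payments


@dataclass
class PaymentRequest:
    requester: str
    vendor: str
    amount: float
    approvals: list = field(default_factory=list)  # usernames that approved


def required_approvals(amount):
    """Number of distinct approvals a payment of this size needs."""
    for limit, count in APPROVAL_TIERS:
        if amount <= limit:
            return count
    return APPROVAL_TIERS[-1][1] + 1


def authorize(request, user_roles, known_vendors):
    """Return (allowed, reason). user_roles maps username -> set of role names."""
    if request.vendor not in known_vendors:
        # A new payee (or changed bank details) is verified out of band, never from the email
        return False, "vendor not on the approved payee list; verify out of band first"
    needed = required_approvals(request.amount)
    approvers = set()  # a set, so one person approving twice counts once
    for user in request.approvals:
        if user == request.requester:
            return False, "requester cannot approve their own request"
        if not APPROVER_ROLES & user_roles.get(user, set()):
            return False, f"{user} is not permitted to approve payments"
        approvers.add(user)
    if len(approvers) < needed:
        return False, f"{len(approvers)} of {needed} required distinct approvals"
    return True, "approved"


# Constructed sample directory and payee list.
USER_ROLES = {
    "alice": {"accounts_payable"},
    "bob": {"finance_manager"},
    "carol": {"cfo"},
}
KNOWN_VENDORS = {"Acme Supplies"}

if __name__ == "__main__":
    req = PaymentRequest("alice", "Acme Supplies", 50_000, approvals=["bob"])
    print(authorize(req, USER_ROLES, KNOWN_VENDORS))  # one of two approvals present
    req.approvals.append("carol")
    print(authorize(req, USER_ROLES, KNOWN_VENDORS))  # approved
```

Keeping the rules in one function that returns a reason makes every rejection auditable, which is also what a finance team needs when a request that "came from the CEO" is held up and the sender follows up by email to apply pressure.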

Build a security-first culture

Your company is best protected when your employees' goals are aligned with the company's larger security vision. Building a robust security culture takes sustained attention and training from top management, IT admins, and employees alike. Put security at the core of your company's principles and reward employees who uphold the practices the company has formulated.

Deploy an email security solution

Not every threat email can be spotted by the human eye. Cybercriminals have grown smarter by using AI to create threats. To combat the increasing sophistication of cyberattacks, investing in an email security solution is a smart move. Email security solutions are trained to spot anomalies, test attachments and links in a secure sandbox, and verify the authenticity of the email sender. With such advanced security protocols defending your emails, your organization can stay protected from spear phishing and other email threats.


eProtect is a cloud-based email security and archiving solution that provides an additional layer of security for email accounts. The solution offers advanced threat detection mechanisms that can secure on-premises and cloud email accounts from evolving email threats. eProtect is the security solution powering Zoho Mail, a platform trusted by millions of users.
