What is Spear Phishing?
Spear phishing is a targeted email attack where criminals research a specific person and craft a message designed just for them. Unlike mass spam, these emails reference real details about your job, your colleagues, or recent company events to appear legitimate. They are the number one way attackers breach organizations today.
How a Spear Phishing Attack Works
Research the target
The attacker studies LinkedIn profiles, press releases, and social media to learn the target's role, who they report to, and what projects they're working on.
Craft a believable email
Using that research, they write an email that looks like it came from a trusted colleague, vendor, or partner — referencing real names, real projects, and real deadlines.
Deliver a malicious payload
The email includes a link to a fake login page or an attachment that installs malware. Because the message looks authentic, the target is far more likely to click.
Establish a foothold
Once the target enters their credentials or opens the file, the attacker gains access to internal systems and begins moving laterally through the organization.
Real-World Example
A mid-size law firm lost $2.3 million after an attacker researched a partner's LinkedIn, discovered they were closing a real estate deal, and sent a convincing email impersonating the title company with updated wire instructions. The email referenced the correct property address, closing date, and attorney names — all gathered from public sources.
How AiVERSARY Detects Spear Phishing Risk
AiVersary's OSINT reports identify exactly what personal and organizational information is publicly available that attackers would use to craft spear phishing emails against your team. The report flags high-risk employees whose public profiles expose enough detail for a convincing attack, and recommends specific steps to reduce that exposure.
Is your organization exposed to spear phishing?
AiVERSARY scans your public footprint and identifies the exact data attackers would use against you. $499 per report.
Related Terms
Business Email Compromise
Business email compromise (BEC) is an attack in which an attacker impersonates a senior executive — usually the CEO or CFO — to trick an employee into wiring money or sharing sensitive data. These attacks don't require any malware or hacking; they rely entirely on convincing someone that a fraudulent request is coming from their boss. The FBI reports that BEC has caused over $50 billion in losses worldwide.
Whaling
Whaling is a form of phishing that specifically targets senior executives — the "big fish" in an organization. These attacks are highly personalized, well-researched, and designed to exploit the authority and access that come with leadership positions. Because executives can authorize large transactions, access sensitive data, and override security procedures, a single successful whaling attack can have catastrophic consequences.
Pretexting
Pretexting is a social-engineering technique in which an attacker creates a fabricated scenario — a "pretext" — to trick someone into sharing information or performing an action they normally wouldn't. Think of it as method acting for criminals: they invent a believable character and situation, then play that role convincingly enough to bypass your team's natural skepticism. The quality of the pretext depends entirely on how much real information the attacker can gather beforehand.
OSINT Reconnaissance
OSINT reconnaissance — Open Source Intelligence gathering — is the first phase of nearly every targeted cyberattack. It's the process of collecting publicly available information about an organization and its people to plan an attack. Everything from your company website and LinkedIn profiles to job postings, DNS records, and conference presentations becomes intelligence. This is exactly the same process AiVersary uses, but we do it first so you can fix what's exposed.