Spear Phishing vs Phishing: Know the Difference

Spear phishing is a form of phishing attack in which the attacker researches their target and then personalizes their phishing email. Where most phishing attacks involve generic mass emails, spear phishing attacks are more tactical: these hand-crafted emails fit right in with the target’s inbox, increasing the odds the victim will fall for the scam.

How Phishing Works

Phishing attacks are a form of social engineering in which the attacker sends their target a deceptive email, in hopes their prospective victim will send them money or leak sensitive info or account credentials.

Most phishing attacks involve mass emails, such as the generic Nigerian prince example. These all-purpose emails can be copied, pasted, and sent to thousands of people with minimal customization. Here’s a typical example:

Dear Friend,

I hope this email finds you well. I write to ask for your aid in remitting a sum of $18.4 million. These funds were awarded as part of a government contract, and I want to safely move them out of my country under your supervision.

My name is Adomas Masiulus and I am the Director of Extraction for the Lithuanian Department of Energy. It is in my power to move this money to a safe destination. All I ask from you is that you safeguard these funds. For your service, you would be eligible to transfer 15% of this money to your own personal accounts.

It is necessary that you handle this business with the highest discretion. Should you do so, the profits described above can be arrived at with a minimum of personal risk.

Kindly reach out to me for further information at a.masiulus@gmail.com.

I eagerly await your reply.

Sincerely,

Mr. Adomas Masiulus

Someone could send this phishing email to a million people, and it would apply equally well to all of them. That’s also what makes this easier to detect: why would a complete stranger trust you with millions of dollars?

How Spear Phishing Works

In a spear phishing attack, the scammer researches their target and then handcrafts a personalized email. By taking a more thoughtful approach, the attacker can create an email that looks just like one you would expect to receive. As a result, spear phishing emails are usually much harder to detect than the typical phishing email.

Because spear phishing attacks rely so heavily on personalization, no one example can give an adequate picture of what these emails look like. You can see a few in our Spear Phishing Examples article.

Because spear phishing attacks are so much more time-intensive than regular phishing attacks, they’re generally used against high-value targets, such as enterprise businesses and political organizations. Spear phishing is one of the most common tactics deployed by persistent threats, such as the Russian hacker outfit that successfully penetrated the DNC in 2016.

Spear Phishing Vs Phishing: Comparison Table

Spear Phishing Attack   | Typical Phishing Attack
Personalized email      | Generic email
Carefully researched    | Fire and forget
Targeted to one person  | Sent en masse
Fits in with your inbox | Out of the blue
Time intensive          | Quick & dirty

What About Whaling?

Whaling, or whale phishing, refers to an even more specific type of spear phishing that exclusively goes after the highest-value targets – these scammers are only interested in catching a whale.

A whaling attacker is less likely to take a quick payout once they’ve compromised an account. Instead, they’ll use that account to compromise more accounts, in hopes of snagging a CEO. Once they’ve compromised one account, they can send emails from that address, at which point they’re nigh indistinguishable from the real person.

How to Protect Yourself From Phishing & Spear Phishing Attacks

First off, the best way to protect yourself from all types of phishing attacks is to think carefully before clicking any link in an unsolicited email. You can never trust that an email sender is who they claim to be; through a technique known as email spoofing, hackers can even falsify the “From” line, making an email appear to have been sent from an address of their choosing.

From there, the phishing email will route you to a phony website or fake phone number, where the scammer will then ask you to hand over sensitive information, such as your credit card number or bank login details.

Instead of clicking a link in an email, look up the company’s website independently. If you have questions about the email, you can contact them directly, via the contact info publicly posted on their website.

When it comes to spear phishing emails, you can make it much harder for attackers to personalize their approach by limiting what you share online. Scammers frequently look up their targets on social media platforms, such as Facebook and LinkedIn. By limiting who can see your account – and what you post in public – you make it that much harder for attackers to research you and prep their attacks.

Stay safe.

About the Author

Michael X. Heiligenstein

Michael X. Heiligenstein is the founder and editor-in-chief of the Firewall Times. He has six years of experience in online publishing and marketing. Before founding the Firewall Times, he was Vice President of SEO at Fit Small Business, a website devoted to helping small business owners. He graduated from the University of Virginia with a degree in English and History.
