Spear Phishing
Targeted phishing attack
Example
I almost got tricked by a spear phishing email but verified that the sender's address was illegitimate
Related Slang
Social engineering | Tricking people into sharing information |
Rugged | Scammed |
Rug pull | A cryptocurrency scam |
Catfish | To assume a false identity |
Fugazi | Fake |
Sock puppet account | A fake online identity |
DBEYR | Don't believe everything you read |
TGTBT | Too good to be true |
Spear phishing is a cyber attack targeted toward specific individuals, a group of individuals, or an organization to steal financial or personal information. It features personalized information, which differs from traditional phishing attacks that employ a vaguer, scattershot approach.
The name comes from spearfishing, which involves a spear being hurled at fish to kill them. Spear phishing typically incorporates personalized information a user has shared in emails and social media that an attacker gathers and compiles to craft a custom attack.
What does spear phishing look like?
Attackers may spear phish in various ways, but the most common method is a direct email that includes a malicious file attachment or link and requests urgent action from the victim. The best way to combat spear-phishing attacks is to verify the sender's identity by contacting them directly.