How to Spot a Scam: Spear Phishing

What is “Spear Phishing”?

Last week we took a look at phishing in general; this week we’ll be looking at a less common, albeit more dangerous, type of email scam. In spear phishing, scammers do a bit more research to find personal information about their potential victim. They then use this personal information to create more targeted and believable email scams.

These emails are less common because of the effort they take to create, but spear phishing emails account for the majority of successful phishing attempts. The personalized touch goes a long way in securing the trust of unsuspecting recipients—and at a much higher rate than the average phishing email. 

Spear Phishing vs. Phishing

Phishing emails often come disguised as communications from legitimate, familiar brands. However, spear phishing goes a step further by including specific personal information within the email. 

A regular phishing email may appear as a minimally personalized communication from a large brand, for example a message from Netflix asking you to pay a phony invoice. A spear phishing campaign, on the other hand, “may address you personally, use a familiar greeting, or appear to come from a colleague, acquaintance, friend, or a higher-up in your organization,” as stated in this NYU article. The added personal details make spear phishing much more believable than other scam emails.

An example of Spear Phishing:

As with other phishing attempts, scammers will use a technique called spoofing. This is when a scammer “disguises their email address, sender name, phone number, or website URL,” as described by this FBI report, “often just by changing one letter, symbol, or number.” While spoofing is used in most phishing attempts, it is usually subtler and harder to spot in spear phishing emails. If you look closely, there are usually clues that the email may be unsafe, as in the example below.

Note how the email is ostensibly from a higher-up at the organization and addressed to an employee. That is a common tactic in these types of scams. Closer inspection reveals a mismatch between the scammer’s email address and the email sign-off. Also notice how the scammer mistakenly calls the university by two different names. While the scammers may do more research than usual in these emails, they still often make mistakes like these.
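
The two clues described above, a look-alike sender domain and a sign-off that does not match the sending address, can also be checked automatically. The sketch below is an added example, not part of the original post; the trusted domains, the sample headers and the `check_sender` helper are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains your organization really sends from (constructed values).
TRUSTED_DOMAINS = {"example.edu", "example.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header: str, signoff: str = "") -> list:
    """Return warnings for a From header and the name the message is signed with."""
    warnings = []
    _display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not domain:
        return ["unparseable From header"]
    if domain not in TRUSTED_DOMAINS:
        nearest = min(sorted(TRUSTED_DOMAINS), key=lambda t: edit_distance(domain, t))
        if edit_distance(domain, nearest) <= 2:
            # One or two changed characters: the "one letter, symbol, or number" trick.
            warnings.append(f"lookalike domain: {domain} resembles {nearest}")
        else:
            warnings.append(f"external domain: {domain}")
    # Heuristic: at least one word of the sign-off should appear in the address.
    words = [w for w in signoff.lower().split() if len(w) >= 3]
    if words and not any(w in local for w in words):
        warnings.append(f"sign-off '{signoff}' does not match address {addr}")
    return warnings

if __name__ == "__main__":
    # Constructed sample headers, not taken from a real message.
    samples = [
        ("Jane Doe <jane.doe@example.edu>", "Jane Doe"),
        ("Jane Doe <jane.doe@examp1e.edu>", "Jane Doe"),
        ("Jane Doe <pay.desk77@mailbox.test>", "Jane Doe"),
    ]
    for header, signoff in samples:
        print(header, "->", check_sender(header, signoff) or "no warnings")
```

The sign-off check is a heuristic and will flag legitimate addresses built from initials, so treat its output as a prompt to look closer rather than a verdict.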

What can you do to protect yourself?

The steps to protecting yourself from Spear Phishing are similar to the ones you would take to protect yourself from other scam emails.

  • Double-check email addresses and URLs for misspellings or other oddities.
  • When in doubt, don’t click a link or download an attachment.
  • Use two-factor authentication (2FA) when possible.
  • Install and regularly update trusted cybersecurity software.
  • Keep software and systems up-to-date.
  • Review your accounts regularly for suspicious activity.
  • Use strong, unique passwords for each individual login.
  • Create regular backups of your data.

When dealing with organizations, we like to add one more bullet point to that checklist. In addition to all the rest, we suggest that organizations run phishing simulations. Unlike with run-of-the-mill phishing attempts, many employees are completely unaware of spear phishing. Many employees would not expect that an urgent email request from their superior could actually be a spear phishing attempt. The best way to combat this is with education.

If you are interested in running a phishing simulation in your organization, or would like to discuss other ways to strengthen your cybersecurity processes, please call 818-832-2310 or email

That’s all…for now!

Thanks for reading another installment of our series on how to spot scam emails. Keep an eye out for our next one where we will be talking about “Whaling,” an even more sophisticated version of phishing that targets business owners directly.
