What is spear phishing?
Spear phishing is a targeted phishing attack aimed at a specific individual or role. The attacker researches their victim and uses personal or work details — names, projects, vendors — to craft a highly convincing message that's far harder to spot than generic phishing.
How spear phishing differs from phishing
Ordinary phishing is sent in bulk to thousands of people. Spear phishing is precise: it targets one person with a message tailored to them, which makes it more believable and more dangerous.
Because the email references real details — a manager's name, a current project, a known supplier — the target's guard is down, and the success rate is much higher.
Example of a spear-phishing attack
A finance employee receives an email that appears to be from their CFO, referencing a real acquisition and asking them to process an urgent payment to a new account. Everything looks right — so they pay. That's spear phishing, often overlapping with business email compromise.
How to prevent spear phishing
- Verify unusual or urgent requests through a separate, known channel.
- Be wary even when an email seems to know personal details — that's the tactic.
- Use MFA and strict approval processes for payments and data access.
- Train high-risk roles (finance, executives, IT) with realistic, targeted simulations.
How HookPhish helps
HookPhish uses Advanced Human Detection to personalize simulations to each role's real risk, so high-value targets like finance and executives get the realistic practice they need.
Frequently asked questions
Why is spear phishing so effective?
It uses real, personal details to build trust, so the message feels legitimate and the target is more likely to act without questioning it.
Who is targeted by spear phishing?
Often people with access to money or sensitive data — finance staff, executives, HR and IT — but anyone can be a target.
How do I defend against spear phishing?
Combine verification habits, MFA and strong approval processes with realistic, role-based simulation training.