Overview
Direct Answer
Spear phishing is a highly targeted social engineering attack that uses personalised deceptive communications to manipulate specific individuals, teams, or organisations into disclosing sensitive information or granting system access. Unlike mass phishing campaigns, it exploits reconnaissance data about the victim to increase credibility and success rates.
How It Works
Attackers conduct detailed research on targets using public sources such as LinkedIn, company websites, and social media to gather names, roles, relationships, and business activities. They then craft messages that impersonate trusted contacts or organisations, referencing specific details that lower recipient suspicion and increase the likelihood of credential theft, malware installation, or wire fraud. The personalised nature of these communications makes them significantly harder to detect through automated filtering systems.
Why It Matters
Spear phishing poses substantial financial and reputational risk to organisations, often serving as the initial vector for data breaches, ransomware deployment, and insider threat facilitation. Regulatory compliance frameworks including GDPR and NIS2 require demonstrable security controls against such targeted attacks, making employee training and detection infrastructure critical investments.
Common Applications
Financial institutions face attacks targeting treasury and procurement staff to authorise fraudulent transfers. Healthcare organisations experience campaigns impersonating administrative personnel to access patient records. Enterprise security teams frequently observe phishing targeting executives and system administrators to compromise privileged accounts.
Key Considerations
Detection remains challenging because legitimate business communication patterns are exploited; organisational context and relationship verification become essential defences rather than purely technical controls. No single defensive mechanism addresses this threat comprehensively.
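The relationship and context checks above can be partly automated at the mail gateway. The script below is an added example, not part of the original page: it applies four defensive heuristics to inbound mail headers and body text (a known contact's display name paired with an unexpected sender domain, a Reply-To that diverges from the From domain, a lookalike of the organisation's own domain, and urgency combined with payment language). The contact directory, internal domain and both sample messages are constructed for this example only.

```python
"""Spear-phishing indicator heuristics over inbound mail (added example)."""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical contact directory: display name -> domain that contact really sends from.
KNOWN_CONTACTS = {"Alice Finance": "example.com", "Bob CEO": "example.com"}
# Hypothetical set of the organisation's own domains used for lookalike detection.
INTERNAL_DOMAINS = {"example.com"}

URGENCY_TERMS = ("urgent", "immediately", "today", "asap", "before close")
PAYMENT_TERMS = ("wire", "transfer", "invoice", "payment", "gift card", "bank details")


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _normalise(domain: str) -> str:
    """Collapse common character substitutions used in lookalike domains."""
    return domain.replace("rn", "m").replace("vv", "w").replace("0", "o").replace("1", "l")


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (no external dependency)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted: set[str]) -> bool:
    """True if domain is not trusted but visually or typographically close to one."""
    if domain in trusted:
        return False
    return any(_normalise(domain) == t or _edit_distance(domain, t) <= 2 for t in trusted)


def analyse_message(raw: str) -> list[str]:
    """Return the list of indicator names triggered by one RFC 822 message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(from_addr)
    findings: list[str] = []

    # 1. A trusted display name arriving from a domain that contact never uses.
    expected = KNOWN_CONTACTS.get(from_name.strip())
    if expected and from_domain != expected:
        findings.append("display_name_mismatch")

    # 2. Replies silently redirected to a different domain than the visible sender.
    reply_domain = _domain(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append("reply_to_mismatch")

    # 3. Sender domain imitates one of the organisation's own domains.
    if from_domain and is_lookalike(from_domain, INTERNAL_DOMAINS):
        findings.append("lookalike_domain")

    # 4. Pressure to act quickly combined with money-movement language.
    text = (msg.get("Subject", "") + "\n" + str(msg.get_payload())).lower()
    if any(u in text for u in URGENCY_TERMS) and any(p in text for p in PAYMENT_TERMS):
        findings.append("payment_urgency_language")

    return findings


# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "Bob CEO" <bob.ceo@exarnple.com>\n'
    "Reply-To: Bob CEO <bob.ceo.private@mail-relay.test>\n"
    "Subject: Urgent: wire transfer before close of business\n"
    "\n"
    "Please process the attached invoice today and confirm. I am in meetings.\n"
)
BENIGN = (
    'From: "Alice Finance" <alice@example.com>\n'
    "Subject: Q3 budget summary\n"
    "\n"
    "Attached is the quarterly summary for review at next week's meeting.\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, analyse_message(raw))
```

These heuristics are deliberately cheap and explainable so that an analyst can see why a message was held; the contact directory is the piece that encodes organisational context, which is what filters lacking that context cannot reconstruct.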