Definition of spear phishing

Spear phishing is the use of highly personalised emails by hackers to create initial footholds on victims' networks. These spear-phishing emails are often well written and appear to be sent from a personal associate of the target.

Typically, if a target replies they might receive a perfectly reasonable response back which would encourage the trust of the target. A subsequent email might then include an email attachment that would launch a malicious program.


spear phishing in the news

In February 2013, the New York Times, Wall Street Journal, Washington Post and Twitter all said that hackers had either attempted to gain access or succeeded in gaining access to their systems.  A likely method of hacking might have seen employees tricked into visiting an infected website by a “spear phishing” email that was designed specifically for its individual recipient, experts said. In July 2012, the US Department of Homeland Security was quoted as that spear phishing was now the most common method of cyber attack. 

FT Articles & Analysis