What is Spear Phishing?


Spring 2013 — Security News and Advice

Cybercriminals are now taking a personal approach when it comes to compromising your Internet security and collecting your personal information. “Spear Phishing” is an email scam that targets a specific group of users or a specific organization in an attempt to gain confidential information.

Regular phishing attacks, where millions of emails may be sent out purporting to be from trusted banks, governments and other institutions that hold personal data, can typically be detected by Internet security software. Spear phishing attacks, however, are more difficult to recognize because the set of targeted victims is smaller and the perpetrators may be “spoofing” the email address of someone from inside your company or organization by forging the email header information so it appears to be coming from someone you know.
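The header forgery described above often leaves traces a mail administrator can check. The following is an added example, not part of the original article: a short Python script that lists warning signs in a message's headers. The sample message, its names and its domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Pat Colleague" <pat.colleague@example.com>
Reply-To: pat.colleague@example-mail.org
To: you@example.com
Subject: Draft statement for review

Please sign in to view the document.
"""

BAD_RESULTS = {"fail", "softfail", "permerror", "temperror"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """Return reasons to distrust the visible From address (hints, not verdicts)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []
    # Replies or bounces routed to another domain: legitimate bulk mailers do
    # this too, so treat a mismatch as a prompt to verify, not as proof.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    # Only trust Authentication-Results stamped by your own receiving server;
    # a sender can insert a forged copy of this header.
    results = msg.get_all("Authentication-Results") or []
    if not results:
        findings.append("no Authentication-Results header recorded")
    for value in results:
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()):
            if result in BAD_RESULTS:
                findings.append(f"{method} check result: {result}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print("-", finding)
```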

In a recent spear phishing attack targeting U.S. military and national security officials, attackers posed as trusted colleagues in the State Department, Office of the Secretary of Defense and the Defense Intelligence Agency. The victims received an email that contained a link to a document entitled “Draft US-China Joint Statement” that, when clicked, took them to a fake Gmail login page that captured their login credentials and allowed the cybercriminals to monitor their email for several months.

Unlike regular phishing attacks, the message in a spear phishing attack typically contains information supporting the validity of the sender, and their request may seem logical. So how do you recognize the bad guys? To avoid getting hooked and to improve your Internet security, follow these simple tips:

  • Make sure you have a strong password, and change your password monthly. Passwords used for personal accounts should be different from the ones you use at work or for your business. That way, if your personal credentials are stolen, your business (or employer) won’t be put at risk.
  • If you receive an unexpected request to divulge personal information (whether the request be in the email itself or after you click on a link in the email), verify that the sender is indeed who they say they are. When in doubt, pick up the phone and call the purported sender.
  • Spear phishing attacks appear legitimate, and you may not realize you’ve been put at risk until after the fact. Using comprehensive Internet security software and keeping it up-to-date—in addition to your browser and operating system—will help protect you from viruses or malware that might have been included in an attachment or in a link.

Although these are clever attacks, if you take the time to investigate any suspicious requests you can protect yourself from spear phishing and the bad guys who are trying to lure you into revealing personal information.
