Security glossary
What is spear phishing?
Spear phishing is targeted phishing aimed at a specific person, team, or role using tailored details.
Last reviewed: 2026-05-23
In plain English
Unlike mass phishing, spear phishing messages are personalized and often harder to spot.
Attackers use breach data, social profiles, and company context to make requests believable.
Executives, finance teams, creators, and people with public profiles are frequent targets.
Real-world example
A fake invoice email uses your team name, role, and real vendor language to request urgent payment.
What you should do
- Use out-of-band verification for sensitive requests.
- Require confirmation before changing payment or bank details.
- Train teams to challenge urgency and authority cues.
Related terms
What is social engineering?
Social engineering is psychological manipulation used to make people share information or approve harmful actions.
What is phishing?
Phishing is when attackers pretend to be trusted brands or people to trick you into giving passwords, codes, or payment details.
What are impersonation scams?
Impersonation scams happen when attackers pretend to be a trusted person, company, or support team to gain access or money.