What is spear phishing?

Spear phishing is a more targeted form of phishing where the message is tailored to the recipient. It may use names, job titles, supplier details, or recent business context to look convincing.

Simple example

A finance employee receives an email that appears to come from the managing director and refers to a real supplier payment that is due.

Why it matters

Targeted messages are harder to spot than generic scams because they can include details that make them feel legitimate.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Limit public exposure of staff roles and email addresses where practical.
  • Verify unusual payment or data requests through a second channel.
  • Train staff on targeted impersonation tactics.
  • Use MFA and strong mailbox security controls.
  • Create approval steps for urgent or unusual requests.

Reactive steps

  • Pause the transaction or request until it is verified.
  • Preserve the email and headers if possible.
  • Check whether any credentials were entered or attachments opened.
  • Review mailbox activity and forwarding rules.
  • Escalate quickly to IT or Cyber Doc if money or sensitive data may be involved.
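
The reactive steps above ask staff to preserve the email and its headers; the script below, added here as a worked example and not part of the Learn Centre page, shows what an IT responder can then check in those headers. It parses a saved .eml message and flags the warning signs this page describes: a sender domain that merely resembles the company's own, Reply-To and Return-Path addresses that diverge from the visible sender, SPF/DKIM/DMARC results recorded by the receiving server that did not pass, pressure to act quickly in the subject, and wording that discourages second-channel verification. The sample message, the domains in it and the trusted domain `example-corp.com` are constructed for this example.

```python
"""Flag spear-phishing warning signs in a saved email (.eml) using only its headers and body text."""
import difflib
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the page's "managing director" scenario; all domains are invented.
SAMPLE_EML = """\
From: "Jane Smith (Managing Director)" <jane.smith@examp1e-corp.com>
Reply-To: jane.smith.md@mail-relay.example.net
Return-Path: <bounce@mail-relay.example.net>
To: accounts@example-corp.com
Subject: URGENT: supplier payment due today
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
Date: Mon, 03 Jun 2024 08:12:00 +0000
Message-ID: <20240603081200.abc123@mail-relay.example.net>
Content-Type: text/plain; charset=utf-8

Hi, please process the Acme Supplies invoice today before 3pm.
I am in meetings all day, so do not call, just reply here with confirmation.
"""

TRUSTED_DOMAIN = "example-corp.com"  # assumed: the organisation's own mail domain
URGENCY_WORDS = ("urgent", "immediately", "asap", "today", "right away")
ANTI_VERIFY_PHRASES = ("do not call", "don't call", "keep this confidential", "reply here")


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def auth_failures(header: str) -> list[str]:
    """List SPF/DKIM/DMARC results in an Authentication-Results header that are not 'pass'."""
    return [f"{m}={r}" for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()) if r != "pass"]


def analyse(raw: str, trusted_domain: str = TRUSTED_DOMAIN) -> list[tuple[str, str]]:
    """Return (code, detail) findings for the warning signs present in the message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: list[tuple[str, str]] = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(from_addr)

    # 1. Sender domain is not ours; if it closely resembles ours, treat it as a lookalike
    if from_dom and from_dom != trusted_domain:
        similarity = difflib.SequenceMatcher(None, from_dom, trusted_domain).ratio()
        if similarity >= 0.8:
            findings.append(("lookalike-sender-domain", f"{from_dom} resembles {trusted_domain} ({similarity:.2f})"))
        else:
            findings.append(("external-sender", from_dom))

    # 2. Replies would go somewhere other than the apparent sender
    reply_dom = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"Reply-To domain {reply_dom} != From domain {from_dom}"))

    # 3. Bounce address domain differs from the visible sender domain
    rp_dom = domain_of(parseaddr(str(msg.get("Return-Path", "")))[1])
    if rp_dom and rp_dom != from_dom:
        findings.append(("return-path-mismatch", f"Return-Path domain {rp_dom} != From domain {from_dom}"))

    # 4. The receiving server recorded SPF/DKIM/DMARC results that did not pass
    fails = auth_failures(str(msg.get("Authentication-Results", "")))
    if fails:
        findings.append(("auth-not-passed", ", ".join(fails)))

    # 5. Pressure to act quickly in the subject line
    subject = str(msg.get("Subject", "")).lower()
    if any(w in subject for w in URGENCY_WORDS):
        findings.append(("urgent-subject", subject))

    # 6. Body text that steers the recipient away from verifying through a second channel
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = [p for p in ANTI_VERIFY_PHRASES if p in text]
    if hits:
        findings.append(("discourages-verification", ", ".join(hits)))
    return findings


def codes(raw: str, trusted_domain: str = TRUSTED_DOMAIN) -> list[str]:
    """Just the finding codes, convenient for triage rules or tests."""
    return [code for code, _ in analyse(raw, trusted_domain)]


if __name__ == "__main__":
    for code, detail in analyse(SAMPLE_EML):
        print(f"[{code}] {detail}")
```

Run it against a preserved message with `analyse(open("saved.eml").read())`; any finding is a reason to pause the transaction and verify through a second channel, but a message with no findings is not proof of legitimacy, since a compromised internal mailbox passes every header check here.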

Related terms

  • Phishing
  • CEO fraud
  • Social engineering