Feb 15 2023

Cyber Dawg

What helps protect from spear phishing?

Ah, spear-phishing – it’s like regular phishing, only smarter, and more pointed (seriously!). It’s fast becoming the weapon of choice for the more discerning scam artist, shall we say? But what exactly is spear-phishing? This article will provide a full explanation for the term ‘spear-phishing’ as well as giving you all the information you need on how to avoid being spear-phished. So, let’s get started, shall we?

What is Spear phishing?

Continuing the fishing analogy, the easiest way to understand what spear-phishing IS to firstly get to grips with what it ISN’T. Honestly, this is the simplest way!

Okay, so imagine regular one-size-fits-all phishing emails as a big net like the ones commercial fishing trawlers use. Big nets don’t discriminate and neither do classic phishing campaigns. Everyone’s a target!


Like the boats with their huge nets, classic phishing scammers cast a wide net (think Nigerian prince emails, and the like!), knowing that, of the thousands of emails they send, one or two may just reap a reward. It’s not specific or sophisticated, but it’s low effort, easy, and occasionally (though probably less and less often) it pays off.

Spear-phishing: The Basics

Spear-phishing is essentially the exact opposite of that. You see, spear-phishing is a targeted attack on a specific individual or organization, designed to trick them into divulging sensitive information or clicking on a malicious link. It’s like the scammer has taken a big, sharp spear and honed it to a fine point, just waiting for their unsuspecting victim to come within range.

#executive spear phishing

What we mean by this is they’ve done their due diligence; they’ve taken time to study their victim (or small group of victims), and, as such, their phishing attempt will be much more convincing. The prey has been carefully observed and studied and, as a result, it’s much more likely to successfully fool the poor little ‘phishies’. Who said learning about cybersecurity isn’t fun, eh?

Spear-phishing: It Doesn’t Discriminate!

So, don’t think you’re safe just because you’re not a high-level executive or government official. Oh no, spear-phishing can target anyone, from your grandma who loves to shop online to your weird neighbour who spends all day playing World of Warcraft.

In fact, it could be argued that the more prestigious your job (or the company you work for, at least), the more desirable you are to the ever-ambitious spear-phisher-man. Or woman. Spear-phiser-person. How’s that? More often than not, their goal is to blag access to the intranet (enclosed internet network) of some big, important company or organisation.

This pre-planning on the part of the scammer is often referred to as social engineering. Indeed, the hacker will often employ social engineering tactics to make the spear-phishing attack appear more convincing.

For example, they may send an email that looks like it’s from a trusted source, like your bank or your boss. They might even use your name and other personal information they’ve gathered from social media to make the email seem more legitimate.

But fear not, there are ways to protect yourself from spear-phishing! And this article will take you through each and every one of them so that by the time you reach the end, you’ll be bonified experts on the subject and can impart your new-found knowledge to all you meet!

Spear-phishing may be a dangerous weapon in the hands of hackers, but with a little bit of caution and common sense, you can avoid getting stabbed by their spear. So, stay alert, and don’t let those pesky phishers reel you in!

Stay tuned for our Top Tips on how to protect from spear-phishing…

How to protect against spear-phishing

As the internet continues to grow and evolve, so do the dangers that come with it. One of the most prevalent and insidious threats to individuals and organizations alike is spear-phishing. This form of cyber-attack uses personalized messages to trick victims into giving up sensitive information or access to their systems. But fear not, there are plenty of ways to protect yourself from these cunning attacks.

Education, education, education!

Firstly, education is key. Knowing what to look out for can make all the difference in avoiding a spear-phishing attack. The most common form of these attacks come in the form of emails that appear to be from a trusted source, such as a bank or a co-worker. These emails will often have urgent or enticing subject lines, and will contain a link or attachment that, once clicked, will install malware on the victim’s device or direct them to a fake website where they will be prompted to enter their login credentials.

Be Vigilant!

To protect against these attacks, it’s important to be vigilant and to never click on links or download attachments from unknown or suspicious sources. If an email appears to be from a bank or other financial institution, it’s always a good idea to go directly to the institution’s website instead of clicking on any links provided in the email. Similarly, if an email appears to be from a co-worker, it’s a good idea to double-check with them before opening any attachments or clicking on any links.

Use strong passwords!

Another way to protect against spear-phishing attacks is to use strong passwords and to never reuse passwords across multiple accounts. Autofill isn’t bad but password managers can help generate and store strong passwords, making it easier to keep track of them. It’s also important to enable two-factor authentication (2FA) wherever possible, as this provides an additional layer of security that can help prevent unauthorized access to your accounts.

Don’t overshare!

What about those particularly clever spear-phishing attacks that seem to know everything about you? Well, there are a few things you can do to protect yourself from these too. For starters, be careful about what you share on social media. Spear-phishers will often use information they find on social media profiles to craft personalized messages that are more convincing. By keeping your profiles private or limiting the amount of personal information you share, you can make it harder for spear-phishers to target you.

Use anti-phishing software!

Another way to protect against these attacks is to use anti-phishing software. These tools can help detect and block spear-phishing attempts before they even reach your inbox, providing an extra layer of protection against these threats.

Be Aware!

Finally, it’s important to stay up to date on the latest threats and vulnerabilities. Spear-phishers are constantly evolving their tactics and techniques, so it’s important to stay informed about the latest trends and to take steps to protect yourself accordingly.

FYI: Subscribing to Gone Phishing is a fantastic way to stay up to date on all the latest scams and tactics (including but not limited to spear-phishing!) so you don’t get caught out. Just saying.

To summarise, spear-phishing attacks can be a serious threat, but with a little bit of knowledge and preparation, it’s possible to protect yourself and your organization from these cunning attacks.

By staying vigilant, using strong passwords and two-factor authentication, being careful about what you share on social media, using anti-phishing software, and staying up to date on the latest threats, you can help ensure that you don’t fall victim to these insidious attacks.


For all you boomers, ‘TL;DR’ stands for ‘Too Long; Didn’t Read’, so if you managed to soldier through all the above, you might not want to bother with this brief recap… But maybe you should. So you don’t forget ???? Just kidding!

Spear-phishing is a type of phishing attack where attackers target specific individuals or organizations with personalized and convincing emails to trick them into providing sensitive information or performing certain actions. Here are some ways to avoid spear-phishing:

  • Be cautious with emails from unknown or suspicious senders. Look for signs of phishing, such as misspelled words, generic greetings, and urgent or threatening language.
  • Verify the sender’s email address and domain by hovering over the sender’s name or email address to check if it matches the known sender.
  • Do not click on links or download attachments from unknown or suspicious sources, especially if they are unexpected or come from an unknown sender.
  • Enable two-factor authentication (2FA) on all your online accounts to add an extra layer of security.
  • Keep your software and antivirus up to date, as attackers may use vulnerabilities in outdated software to deliver malware or other malicious content.
  • Educate yourself and your employees about spear-phishing and other types of cyber attacks, so they know how to recognize and respond to these threats.
  • Use a spam filter to block suspicious emails and phishing attempts.
  • Implement security measures like firewalls, intrusion detection, and prevention systems to protect against spear-phishing.
  • Encourage employees to report any suspicious activity or emails to the IT department immediately.
  • Use encryption tools to protect sensitive information when transmitting it over the internet or via email.

Thanks for reading. Now you have all the info you need to avoid becoming Phiserman’s Friends. Stay safe out there!

#phishermans friends