---
title: "Spear Phishing Prevention for Small and Medium Size Businesses | DuoCircle"
description: "- Spear phishing is prevalent and costly - How to spot a spear phishing email - How to detect if you’ve been spear phished - Spear phishing prevention is."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/"
---

Quick Answer

Spear phishing is personalized, attackers tailor the email to look like it came from someone the recipient trusts, which is why it has been linked to most of the largest publicized breaches (JPMorgan Chase, eBay, Target, Anthem, Sony, multiple US government agencies). For SMBs without dedicated security staff, prevention rather than reactive protection wins: enable DMARC at quarantine or reject so attackers cannot spoof your own domain to your staff; deploy link-scanning that evaluates URLs at click time; require MFA on email and any system that handles money; train finance and executive staff to verify wire and banking changes by phone using known-good numbers; and segment financial approvals so no single email triggers a payment.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fspear-phishing-prevention-for-small-and-medium-size-businesses%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Spear%20Phishing%20Prevention%20for%20Small%20and%20Medium%20Size%20Businesses&url=undefined%2Fblog%2Fphishing-protection%2Fspear-phishing-prevention-for-small-and-medium-size-businesses%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fspear-phishing-prevention-for-small-and-medium-size-businesses%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fspear-phishing-prevention-for-small-and-medium-size-businesses%2F&title=Spear%20Phishing%20Prevention%20for%20Small%20and%20Medium%20Size%20Businesses "Share on Reddit") [ ](mailto:?subject=Spear%20Phishing%20Prevention%20for%20Small%20and%20Medium%20Size%20Businesses&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fspear-phishing-prevention-for-small-and-medium-size-businesses%2F "Share via Email") 

![Phishing Prevention](https://media.mailhop.org/duocircle/images/2018/12/spf-record-tester-2115.jpg) 

## What is spear phishing?

Table of Contents

Toggle

- [What is spear phishing?](/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/#What%5Fis%5Fspear%5Fphishing)
- [Spear phishing is prevalent and costly](/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/#Spear%5Fphishing%5Fis%5Fprevalent%5Fand%5Fcostly)
- [How to spot a spear phishing email](/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/#How%5Fto%5Fspot%5Fa%5Fspear%5Fphishing%5Femail)
- [How to detect if you’ve been spear phished](/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/#How%5Fto%5Fdetect%5Fif%5Fyouve%5Fbeen%5Fspear%5Fphished)
- [Spear phishing prevention is better than spear phishing protection](/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/#Spear%5Fphishing%5Fprevention%5Fis%5Fbetter%5Fthan%5Fspear%5Fphishing%5Fprotection)
- [What to do if you’re a small business worried about spear phishing](/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/#What%5Fto%5Fdo%5Fif%5Fyoure%5Fa%5Fsmall%5Fbusiness%5Fworried%5Fabout%5Fspear%5Fphishing)

Spear phishing is when you receive an email from someone or some company you trust. It looks legitimate. It may even have the names and extension number of coworkers. It looks authentic, so you don’t give it a second thought. But you should, because it’s from an attacker, and they’re _trying to steal your valuable information._ Do you have reliable [email phishing prevention](https://www.phishprotection.com/content/phishing-prevention/) security?

Unlike [phishing emails](/email/phishing-protection), _spear phishing_ emails are personalized. They’re crafted to make you think it’s from someone you know. With all that personalization, phishing emails are **extremely hard to detect**. And because they’re so hard to detect, they’re more effective. Which means they’re used a lot.

## Spear phishing is prevalent and costly

Spear phishing has been associated with most of [the largest cyberattacks in recent history](http://blog.cloudmark.com/2016/01/13/spear-phishing-secret-weapon-in-worst-cyber-attacks) including the attacks on JPMorgan Chase, eBay, Target, Anthem, Sony and various departments within the U.S. government.

According to [Wombat’s 2018 State of the Phish](https://www.wombatsecurity.com/hubfs/2018%20State%20of%20the%20Phish/Wombat-StateofPhish2018.pdf) survey, _76% of respondents said they experienced a spear phishing attack_. And it’s not just large enterprises. Small companies are just as likely to be affected according to the survey.

Being the victim of a spear phishing attack can be costly too. As cited in a 2017 report, the average cost of a **phishing attack** costs a mid-size company [$1.6 million](https://phishme.com/wp-content/uploads/2017/11/Enterprise-Phishing-Resiliency-and-Defense-Report-2017.pdf). But the hit on a company’s reputation may be even worse.

According to [Deloitte](https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/consumer-business/deloitte-uk-consumer-review-nov-2015.pdf), one-third of respondents said they would stop dealing with a business following a cyber-security breach, even if they do not suffer a material loss. Likewise, according to [Aviva](http://www.out-law.com/en/articles/2015/july/info-security-professionals-are-business-brand-preservationists-says-aviva-security-chief/), after a company is breached, 60% of customers will think about moving and 30% actually will.

## How to spot a spear phishing email

There are telltale signs of a spear phishing email. Here are seven things to look for if something doesn’t seem right:

1. The email requests **personal information**
2. The email contains a link where the link text **doesn’t match the URL**
3. The email contains a link and the URL has a **misleading domain name**
4. The email contains a link and the URL starts with **http and not https**
5. The email contains poor spelling and grammar
6. The email appears to be from a government agency
7. The email has a misplaced **sense of urgency** (e.g., please respond in 48 hours or your account will be locked)

[![phishing email](https://media.mailhop.org/duocircle/images/2018/12/spf-validator-4485.jpg)](https://media.mailhop.org/duocircle/images/2018/12/spf-validator-4485.jpg)

## How to detect if you’ve been spear phished

[Spear phishing](/email-security/spear-phishing-takes-advantage-of-your-employees-trust/) attacks can steal passwords and empty bank accounts\*\*.\*\* So, what happens if you actually click on a link in a suspicious email and it takes you to a web page? The first thing to do is to look for the telltale signs mentioned above. Does it request personal information? Are you at the URL you expected? Does the URL begin with http or https? Is there poor spelling and grammar? Does something not seem right?

If an account of yours has been compromised, that too will leave telltale signs. You may see a new sign-in alert from your account. Your sent folder may have messages in it you didn’t send. If, after you do sign in or provide your information, you get an error message, or a “service temporarily down” message, or nothing at all, it’s likely you’ve been phished.

## Spear phishing prevention is better than spear phishing protection

One way to protect against spear phishing is to train users to **recognize and report suspicious emails**. But there is something even more effective than [spear phishing protection](/email-security/link-click-protection-prevents-spear-phishing-attacks/) and that’s [spear phishing prevention](/email/phishing-protection). Using technology to prevent the spear phishing email from reaching the end user in the first place.

> The best way to prevent spear phishing is to analyze emails before they reach you or your company.

Before users ever get a chance to click on a link. [Cloud-based email protection solutions](/) provide a buffer to check emails for suspicious links before they reach your corporate network or your **hosted email service provider**.

Link can’t just be checked in emails prior to arrival though. They must also be checked after the email arrives, when the link is actually clicked. Every time it’s clicked. Because attackers have the ability to send a spear phishing email from a website that initially appears unthreatening, post-delivery protection is essential.

## What to do if you’re a small business worried about spear phishing

Cloud-based **email protection solutions** offer two levels of protection: before the email reaches the end user and after it arrives, when the user actually tries to click on a link.

If you’re a small business, on a limited budget, but you still would like to be protected from spear phishing by using the latest **cloud-based solutions**, there’s good news. You can now get **advanced phishing technology** at prices that fit your budget.

To learn more about how Duocircle can protect your small or mid-size business from spear phishing attacks, [click here](/email/phishing-protection).

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Phishing 11m  AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough  Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[  Phishing 5m  10 Applications of ChatGPT that Hackers Are Already Exploiting  May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[  Phishing 4m  65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks  Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[  Phishing 9m  7 Ways to Protect Your Organization from Email-based Ransomware Attacks  Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Spear Phishing Prevention for Small and Medium Size Businesses","description":"- Spear phishing is prevalent and costly - How to spot a spear phishing email - How to detect if you’ve been spear phished - Spear phishing prevention is.","url":"https://www.duocircle.com/blog/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/","datePublished":"2018-12-03T21:09:02.000Z","dateModified":"2025-05-22T12:54:26.000Z","dateCreated":"2018-12-03T21:09:02.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/"},"articleSection":"phishing-protection","keywords":"","wordCount":849,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2018/12/spf-record-tester-2115.jpg","caption":"Phishing Prevention","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"Spear Phishing Prevention for Small and Medium Size Businesses","item":"https://www.duocircle.com/blog/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Spear Phishing Prevention for Small and Medium Size Businesses","item":"https://www.duocircle.com/blog/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Spear Phishing Prevention for Small and Medium Size Businesses","description":"- Spear phishing is prevalent and costly - How to spot a spear phishing email - How to detect if you’ve been spear phished - Spear phishing prevention is.","url":"https://www.duocircle.com/blog/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/","datePublished":"2018-12-03T21:09:02.000Z","dateModified":"2025-05-22T12:54:26.000Z","dateCreated":"2018-12-03T21:09:02.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/spear-phishing-prevention-for-small-and-medium-size-businesses/"},"articleSection":"phishing-protection","keywords":"","wordCount":849,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2018/12/spf-record-tester-2115.jpg","caption":"Phishing Prevention","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```