Heightened Cyber Security Concerns: How Common Is Spear Phishing?

Spear phishing is often confused with phishing, but there is a significant distinction between the two. Phishing e-mails are sent in bulk, while spear phishing involves a highly personalized attack on a victim. The messages are customized to address the victim specifically, claim to be from someone familiar to them, and include some personal information (to create a reason to believe). Since such a cyberattack requires effort and research, it usually takes more time to plan. This level of personalization is what makes spear-phishing attacks so successful. The success rate of such attacks is high, and they work through the following elements:

  • An e-mail from someone who the victim trusts
  • Information in the message that seems to be valid and
  • A logical request by the sender.

Spear phishing is also often confused with whaling. However, whaling is a different kind of cyberattack that targets only C-level executives, politicians, or celebrities. Spear phishing, unlike whaling, can target anyone.


An Alarming Picture Of The Rising Number of Spear Phishing Attacks

There is an enormous amount of information available on recent trends, figures, and stats about spear phishing. Here are some quick statistics to give readers an idea of how common spear phishing is.

  • In 2018, 83% of people worldwide received phishing attacks which resulted in various levels of disruption and damages.
  • As per the SANS Institute, 95% of all attacks on business networks are because of successful spear phishing.
  • Almost 1.5 million new phishing websites come into existence every single month. The reason this is so common is that it takes very little money to set up a fake website and, if done successfully, it brings a lot of money (or valuable information) to the adversaries.
  • 77% of spear-phishing attacks targeted only ten e-mail boxes and 33% of spear-phishing attacks aimed at only one. 53% of phishing schemes in the last year lasted for 30 days or more, meaning the loss of a lot more money and information to the perpetrators.
  • As compared to regular phishing attacks, spear-phishing offers up to 40% more returns to the hackers.
  • Out of the 70% of people who became victims of recent spear-phishing attacks, 50% opened the links in their e-mails. They clicked on these links within an hour of receiving them.

These stats are alarming, and it is no surprise that 42% of IT professionals worldwide feel that spear phishing is one of the top three cybersecurity concerns. The reason is that spear-phishing e-mails carry a sense of urgency, which makes the victim panic and give up details they would not share under normal circumstances.

Some Spear Phishing Examples

Here are some spear-phishing examples that will give you a clearer picture of the modus operandi:

  1. Suppose a user posts on Facebook that they are traveling to China. They get an e-mail from a friend or colleague (or so it seems), suggesting they try this fantastic eatery in China, with a link to the restaurant’s location. Once the user clicks the link to locate the restaurant, malware gets installed on their phone or computer.
  2. Suppose your CEO is out on a business trip abroad and you receive an e-mail from him (or so it seems). It says that he has lost his wallet and phone and urgently needs you to wire $5,000 to a specific number.
  3. A hacker might impersonate a well-known/well-established brand to get access to an individual’s essential and confidential details. For example, hackers impersonate Apple or Microsoft to obtain unauthorized access to people’s information.
  4. Blackmail scams are also widespread where the hacker might claim to know some sensitive information about you. They reveal certain personal information to make you feel that they are not faking it. Then, the adversaries blackmail you into paying a fee for not disclosing the information that can compromise your privacy. These attacks are more common on LinkedIn, where a hacker can use multiple sources of information to craft a targeted attack mail.

Tips To Prevent Spear Phishing Attacks

Here are some measures which will help you understand how to prevent phishing attacks:

Use Artificial Intelligence

There are a lot of AI options available that can help the user to detect and block phishing attacks. AI has an advantage in terms of analyzing communication patterns and understanding the norm. Any abnormality or irregularity can be caught in a jiffy if AI is at play.

Supplement Traditional Security

Traditional security might not be enough when it comes to detecting spear-phishing attacks, so it needs to be supplemented with something that can help against them. DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technology that checks incoming mail to keep suspicious e-mail from passing through.
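
How a receiving mail server applies DMARC to a message like the CEO wire request described earlier, as an added example that is not part of the original article: the domain in the visible From address must align with a domain that passed SPF or DKIM, otherwise the sender's published policy applies. The messages, the TXT record, the example.com and example.net domains and the two-label organizational-domain shortcut are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the last two labels approximate the organizational domain;
    # real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_dmarc_record(txt):
    # "v=DMARC1; p=reject; adkim=s" -> {"v": "DMARC1", "p": "reject", "adkim": "s"}
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(auth_domain, from_domain, mode):
    # mode "s" = strict (exact match), anything else = relaxed (same org domain)
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(raw_message, dmarc_txt):
    """Return 'pass', or the sender's published policy (none/quarantine/reject)."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    policy = parse_dmarc_record(dmarc_txt)
    results = msg.get("Authentication-Results", "")
    spf = re.search(r"spf=(\w+)[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", results)
    dkim = re.search(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", results)
    spf_ok = bool(spf and spf.group(1) == "pass"
                  and aligned(spf.group(2), from_domain, policy.get("aspf", "r")))
    dkim_ok = bool(dkim and dkim.group(1) == "pass"
                   and aligned(dkim.group(2), from_domain, policy.get("adkim", "r")))
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")

def sample(from_hdr, auth):
    # Constructed message; example.com and example.net are placeholder domains.
    return (f"From: {from_hdr}\nTo: finance@example.com\nSubject: Urgent wire\n"
            f"Authentication-Results: mx.example.com; {auth}\n\nPlease wire $5,000.\n")

SPOOFED = sample('"CEO" <ceo@example.com>',
                 "spf=pass smtp.mailfrom=bounce@mailer.example.net; dkim=pass header.d=example.net")
LEGIT = sample("ceo@example.com",
               "spf=pass smtp.mailfrom=bounce@mail.example.com; dkim=pass header.d=example.com")
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"  # constructed TXT record

if __name__ == "__main__":
    print(evaluate(SPOOFED, RECORD), evaluate(LEGIT, RECORD))
```

The spoofed message passes SPF and DKIM for its own sending domain yet still fails DMARC, because neither domain aligns with the From address. A look-alike domain with its own valid records would pass, which is why DMARC supplements the other measures here instead of replacing them.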

Deploy Multi-Factor Authentication

Using a layered authentication process instead of just a simple ID and password is a strong security measure. It can help prevent many spear-phishing attempts and the loss of money or information.

Comprehensive Training For Employees

Those running a business must train their employees and staff so that they are better prepared to deal with a phishing attack. Additionally, they can establish protocols to confirm any money-transfer requests that come through e-mail. They can also encourage employees and staff to report any e-mails that look suspicious. Spear phishing protection should take precedence when training employees to tackle common cyberattacks.

Encrypting Any Sensitive Information

File encryption is an excellent way to safeguard crucial business information. Encrypting the following greatly limits the damage from any invasive spear-phishing attempt:

  • Cloud storage
  • Hard drives
  • Passwords and security questions
  • Files (business contracts, audit reports, tax documents)
  • External storage (USB drives, external hard drives)
  • Internet activity (using a VPN or masked IP address)

It is quite clear that anyone in the world can fall prey to a spear-phishing attack, and no one is entirely safe. But education and information about such spear-phishing campaigns can help one identify and avoid fraudulent activity. Thus, knowledge and training are the key to thwarting such invasive attacks.
