Unlike phishing, which involves mass-emailing, spearphishing is small-scale and well targeted. The spearphisher emails users in a single business. The emails may appear to come from another staff member at the same company, asking you to confirm a username and password. Sometimes the emails seem to come from a trusted department that might plausibly need such details, such as IT or human resources. Links in the emails will redirect to a bogus version of the company website or intranet for stealing credentials. (See Email malware)