Stay protected from the "Wanna DecryptOr" ransomware outbreak.     Learn More


Spearphishing is targeted phishing using spoof emails to persuade people within an organization to reveal sensitive information or credentials.

Unlike phishing, which involves mass-emailing, spearphishing is small-scale and well targeted. The attacker emails users in a single organization. The emails may appear to come from another staff member at the same organization, asking you to confirm a username and password.

Sometimes the emails seem to come from a trusted department that might plausibly need such details, such as IT or human resources. Links in the emails will redirect to a bogus version of the company website or intranet for stealing credentials.

(See Email malware distribution)

Back to Security Threats A-Z

Back to Threatsaurus Home

download Threatsaurus: A-Z of Threats
Download now