Spearphishing is targeted phishing using spoof emails to persuade people within an organization to reveal sensitive information or credentials.

Unlike phishing, which involves mass-emailing, spearphishing is small-scale and well targeted. The attacker emails users in a single organization. The emails may appear to come from another staff member at the same organization, asking you to confirm a username and password.

Sometimes the emails seem to come from a trusted department that might plausibly need such details, such as IT or human resources. Links in the emails will redirect to a bogus version of the company website or intranet for stealing credentials.

(See Email malware distribution)

Back to Security Threats A-Z

Back to Threatsaurus Home

download Threatsaurus: A-Z of Threats
Download now