Spear Phishing

Spear phishing is a targeted form of phishing where attackers craft personalized messages aimed at specific individuals or organizations. Unlike mass phishing campaigns, spear phishing emails are researched and customized — they may reference the target's name, company, role, recent activities, or business relationships to appear legitimate.

Spear phishing is the preferred attack method of APT groups targeting the defense industrial base. Attackers research their targets using LinkedIn, company websites, and other public information to create convincing emails that are much harder to detect than generic phishing.