Skip to main content

Tip of the Spear: Phishing or SpearPhishing?

May 20, 2013

Ever wonder what the difference between phishing and spearphishing is?  What about whaling? As someone in the information security business, I get asked about that a lot. Here's a quick overview highlighting those differences.


Phishing attacks are generally exploratory attacks targeted at a broad audience. They usually involve a combination of social engineering and technical deceit in an effort to manipulate victims into opening file attachments or clicking on embedded links in an email. Phishers are trying to obtain sensitive data, personally identifiable information or user/network credentials that can lead them deeper into an organization and closer to the crown jewels. A basic attack is distributed en masse or blasted out like spam.


SpearPhishing is a targeted version of phishing that usually focuses on a specific company and combines tactics such as sender impersonation, personalization of the intended victim, enticement and access-control bypass techniques such as email filters, antivirus, and IDS/IPS evasion. The goal of a spearphishing attack is ultimately the same as a phishing attack—to coerce a target into opening an attachment or clicking an embedded link—but it is much more sophisticated and elaborate.

Spearphishing focuses on specific individuals within specific organizations. Attackers will mine social media sites such as LinkedIn or Facebook and personalize or impersonate users so that the spearphishing email is extremely accurate and compelling. Once a link is clicked or an attachment is opened, the door to the network is established, allowing the attacker to move forward with the advanced targeted attack.

Spearphishing attacks can also be viewed within the context of an Advanced Persistent Threat (APT). Cybercriminals conduct APT attacks via spearphishing through the introduction of malware, Trojans, key loggers, port listeners and multi-vector attacks. The goal of an APT is to establish sustainable, long-term access to an organization’s information assets, and a successful spearphishing attack can readily achieve that goal.


Whaling is very similar to spearphishing, but is a more specific form of attack targeted at corporate upper management with the intent of obtaining confidential company information. Whaling involves the use of an email or webpage that appears legitimate and contains a high sense of urgency. The whaling attack will target individuals by name and is often disguised as a legal subpoena, client complaint or internal executive directive.

The Bottom Line

Whatever you call it, any form of phishing can lead to the compromise of sensitive information.  Perform frequent testing of your security awareness programs to include simulations of spearphishing attacks in order to gauge the effectiveness of your awareness programs and controls that are intended to reduce the likeliness of success from these types of attacks. 

FishNet Security offers customized professional services that can address phishing/spearphishing attack simulations as well as comprehensive training solutions. The most effective defense against these potentially devastating attacks is a combination of testing, training and awareness.

Related Blogs

March 14, 2018

Observations on Smoke Tests – Part 1

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perfo...

See Details

September 16, 2014

Phishing with Smitty: A Unique Tool for Solicitation Attacks

This post will introduce you to the Smitty SMTP utility, which is a fully featured email client. We use this tool as a means to effectively deliver em...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

September 19, 2017

Governance Risk and Compliance Services

Optiv works with your organization to optimize its investment in RSA Archer.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.