
Phishing or Spear Phishing: what is the difference?

Updated: Mar 15

Phishing is an attack technique that is fairly well known to the general public. But do you know what's so special about spear phishing?


The word "phishing" comes from the English word "fishing". Phishing is therefore an attack technique which, like fishing, involves throwing a hook at your victim in the hope that they will take the bait.


Phishing and Spear Phishing

Phishing: a large-scale attack


The aim of phishing is to gather personal information (login details, personal data, bank details) by pretending to be a trusted third party. The two main tools used to carry out phishing attacks are email and websites.

The idea is simple: pretend to be a trusted third party and redirect the Internet user to fake capture pages (e.g. a fake login page) that ask them to enter personal information, which is then sent to the attackers.


The particularity of phishing is that it is a very large-scale attack: a phishing message can be sent to several thousand recipients at once, without any particular personalisation.



Spear Phishing: looking for big fish


Spear phishing, on the other hand, is much more targeted. It works in the same way as phishing and has the same objectives. However, it uses different methods.

The main difference lies in the targeting of the victim and the personalisation of the attack.


Spear phishing is characterised by the upstream targeting of victims, who are not attacked at random (a company director, a politician, etc.), and by the sophistication of the attack, which is truly tailor-made.


So while it is possible to protect yourself against the main national phishing campaigns, how can you protect yourself against spear phishing attacks, which are targeted and personalised, and therefore extremely deceptive for the victims?



Protecting your personal data

Spear phishing is largely made possible by the amount of personal information we leave online. We share our holiday snaps and photos of our children, sometimes revealing their names, birthdays and other details!

A hacker who wants to carry out a spear phishing attack therefore starts by finding out about his victim by collecting all the information he can find online.


The more personal information you leave online, the more opportunities you give attackers to carry out targeted attacks against you. So be vigilant and share as little information as possible online.


Don't be fooled by precise information

This is the whole principle of spear phishing: the attacker has such precise information about you that you are convinced you are dealing with a trusted third party. How else would they know all this? This is precisely the mistake the attackers want you to make.

Bear in mind that there are a whole host of ways of obtaining precise, targeted information about individuals, especially when you have the necessary hardware, software and skills. Accurate, correct and consistent information should never be enough to give you confidence.


Check the identity of the person you are speaking to

You should always check the identity of the person you are speaking to, even if it means wasting a little time. The possible consequences of a successful spear phishing attack would be far more disastrous than simply wasting time.

You should also bear in mind that legitimate contacts will never reproach you for being cautious: they are used to having their identity stolen, so they will understand perfectly well that you need to be reassured.


To find out more, take a look at the phishing attack prevention checklist (updated in 2023), and learn more about the various solutions available to protect you against phishing and spear phishing attacks.


 
