What is “Spear Phishing” and How Can You Protect Your Business?

You have probably heard of email phishing, but what you may have never heard of before is “spear phishing”. This is a scam where small businesses like yours are the target. This scam comes in the form of an email that looks as if it came from a business or individual you know, but actually comes from criminal hackers who are looking for your sensitive company data like passwords, credit card information, and other financial information.

Phishing emails typically look like they are coming from well-known, large companies or sites that have a big membership base such as PayPal or eBay. Once the hackers gain your company’s sensitive information, they can use this data to create new identities, use credit card information or access bank accounts.

In some cases, these phishing emails are used to trick you or your employees into clicking links that lead to the download of malware or malicious code embedded in the emails. The attackers can then gain access to trade secrets and sensitive internal communications. Once they hijack your company’s computers, they can organize them into large networks known as botnets, which are used for denial-of-service attacks. Luckily, there are precautions you can take to guard yourself against these intrusions.

You can protect your business from spear phishing by:

  • Knowing and educating your employees that most banks, agencies and other companies typically don’t ask for personal information through email messaging.
  • Using a phishing filter, which often comes as a plug-in or is built into the latest web browsers.
  • Not following any links from emails to a secure site; instead, you should manually enter URLs.
  • Not making your passwords too simple or guessable.
  • Using multiple passwords instead of a “master password.”
  • Updating your software when software vendors send you notices to do so.


Since spear phishing scams are cleverly customized, standard security usually does not stop their attacks. They are often hard to detect. It only takes one of your employees to mistakenly click on a link in a spear phishing email to compromise your entire company.

You need to ensure your employees are aware of the threats and educate them on how to stay away from them. In addition to education, it is also important to use special technology that is designed with email security in mind. You should also protect your company with cyber liability insurance to cover you against any liabilities that are the result of a breach of personal information through spear phishing.