Spear-phishing is a targeted attempt to steal sensitive information like login credentials or financial data by pretending to be a trusted contact. Unlike regular phishing, which casts a wide net, spear-phishing is aimed at a specific individual or organization. The attacker often uses personal details to make the message look convincing—like referencing a recent project or using a real colleague’s name—making it harder to spot. These attacks typically come through email but can also happen via text or messaging apps.
Example: One of the most well-known spear-phishing attacks happened in 2016, when hackers targeted members of Hillary Clinton’s presidential campaign. A fake Google security email tricked campaign chairman John Podesta into giving up his password, which led to a major leak of internal emails. This shows how convincing and damaging a single targeted message can be.