What is the difference between phishing and spear phishing?

January 21, 2020

According to Wikipedia, Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Phishing attacks are typically delivered via email and often direct recipients to enter personal information at a fake website. For bad actors this tends to be a “spray-and-pray” approach: the emails look legitimate, but they are usually not personalized to the recipient. An example of a phishing email is below.


Spear phishing, on the other hand, is more personal and directed at specific individuals. Attackers research their victims and send very specific attacks to their targets. This is by far the most successful type of attack for bad actors, as 91% of all cyber attacks use spear phishing techniques. Below is an example of a spear phishing email.


Phishing and spear phishing are actually examples of a broader technique called social engineering. According to Wikipedia, social engineering “…refers to psychological manipulation of people into performing actions or divulging confidential information.”

There are other forms of social engineering, such as whaling, baiting, and smishing, among others. We’ll talk about all these different types in a future blog post.

Also, the anonymized images above are real examples of attacks that Graphus detected and flagged with a warning banner to alert the recipients. If you’d like protection against social engineering, phishing, spear phishing, and other cyber attacks, try Graphus out today!
