Spear Phishing


Phishing emails have no specific target, they contain no personal information about you. However, spear phishing emails will appear to be from an individual or business that knows you. They usually “know you” from information placed on social media sites or from Web sites and Blogs that you may have.


There is a high probability that information, which may be of interest to a potential Scammer, can be found on social media sites which you use.

You may at some point have posted links to your Web site or Blog. These in turn may have your telephone number and an email address. Friends may have mentioned about that birthday you had just last week or provided information that leads to your home address. Perhaps you recently purchased an item from an on-line store, which you have told all your “friends” about.

Such information can be put together by a potential Scammer to construct a more convincing phishing attack.

The salutation on a spear phishing email will therefore be personalized. It may refer to a "mutual friend," or to a recent online purchase you've made. By including such information they hope to make you less vigilant and be more likely to give them the information they ask for, your credit card details, bank details and passwords.

Their intention is of course to do you some financial harm. It may be a shopping spree with that credit card you verified for them. Or they may visit that on-line retailer you mentioned and use the password that you entered on their bogus Web site.

The email will always ask for some urgent action and indicate some financial gain or potential loss, to tempt you to act before you thinking.






Many phishing emails will be caught in Spam filters before they reach your inbox. Spear phishing emails will not be, increasing your chances of becoming a victim. 

Your first line of defence is to be wary about what information you provide on the Internet and who has access to it. All social media sites have privacy settings so you can control what information is available to a would be Scammer. Some information on how these settings work can be found here.

Secondly, you need to use strong passwords and have a different password for every site you visit.

Software is available to manage mutiply passwords securely and also to create strong random character passwords for you.

Lastly and most importantly, you just need to remember that no legitimate business or organisation will ever email you asking for passwords or account numbers. If someone does it's a Scam.

Most financial institutions have a means of reporting phishing emails, forward it on to them for further investigation.

If you have been a victim of fraud, report it to Action Fraud. (Contact details are on our Home page).