Spear phishing: What it is and how you can protect yourself

No, we’re not talking about someone stranded on a tropical island, trying to find food.

Spear phishing, like whaling and regular phishing, is one of the many scams that cyber criminals use to steal your information or even your money. It is often used to target businesses or organizations, but individuals can also be victims. Spear phishing is a common tactic that can cost you. In fact, it cost Canadians $14.4 million in 2020 (Note i).

Here’s how you can protect yourself against spear phishing.  

What is spear phishing?

Like regular phishing, spear phishing comes from scammers pretending to be something or someone they’re not. The difference is that spear phishing is a targeted attack focusing on one specific victim. Instead of a blanket message to a large audience, cyber criminals collect information on their targets beforehand, so that they can create a personalized message or pretend to be someone their target knows.

One way that fraudsters prepare for spear phishing is by collecting information that is available online. A cyber criminal might use information from your social media accounts to learn about your interests, but more importantly they can see and learn about your network of friends, family and colleagues. This can help them trick you by pretending to be someone you know and trust.

Once they have the information they need, cyber criminals may impersonate someone you know, a colleague in your workplace or a service you’re using to try to convince you to do something you otherwise wouldn’t. This could include asking you for a payment or some other kind of valuable information.

Spear phishing could look like:

  • An email from the accounting department at your work asking you to provide an invoice.
  • An email from your boss asking you to send your banking information for direct deposits of your paycheque.
  • An email from a friend that contains a suspicious link or attachment about your favourite music or sports team.  

Warning signs

As with other cyber security threats, being cautious is crucial to protecting yourself from spear phishing. But this can be challenging when you don’t know what to look out for. Here are a few signs to keep in mind when it comes to spear phishing.

Suspicious emails

If you get a weird email or are contacted by someone you normally wouldn’t hear from, it could mean someone is targeting you in a spear phishing scam. This could be a message from someone you don’t usually connect with or from an email address that is misspelled or has an incorrect domain name.   

Odd requests

An email that includes an unusual request or something that doesn’t follow regular procedure or pattern is a sign that something might be off. Cyber criminals may also ask you to keep their request a secret so that you won’t confirm their identity or verify whether their request is legitimate. Odd requests could include your boss asking you to buy gift cards for a “surprise” or someone asking for information they don’t typically need.

Pressure or threats

If a message contains a suspicious amount of pressure or urgency, it could be a scammer trying to force you into action. They may even go as far as threatening you or offering you a reward if you do as they ask. Common threats include disciplinary actions, such as firing you. Rewards could be anything from raises and bonuses to a big promotion.    

How to protect yourself

Here are a few methods for making sure you don’t become a victim of a spear phishing scam:

Limit the information you make public

When you post on your social media accounts, you don’t always know who’s looking. Cyber criminals can use what you post publicly to create personalized spear phishing scams with you or one of your contacts as the victim. Be careful what you post and keep your personal information private so that cyber criminals can’t use it to scam you.

Don’t open it

If an email or attachment seems strange, don’t open it or respond to it. These emails may have a slightly different name or address than you’re used to or contain unfamiliar information and attachments. It’s always best to confirm that a message is legitimate before acting. Take a moment to hover over the email address or link with your cursor to make sure it is correct. If you’re not sure, contact the sender directly through another method, such as a phone call.   
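The checks described under "Suspicious emails" and here (a misspelled sender domain, and a link that does not go where its text says) can also be automated on a raw message. This is an added example, not part of the original article; the sample message, the `corp.example` domain and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Accounting" <invoices@c0rp.example>
Reply-To: accounting@mailbox.test
Subject: Invoice needed today
Content-Type: text/html

<p>Send it here: <a href="http://corp.example.login.test/invoice">https://corp.example/invoice</a></p>
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelled sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    # Domain part of an address header, lower-cased ('' if the header is absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def warning_signs(raw_email, known_domains):
    # known_domains: the domains you normally receive mail from (an assumption).
    msg = message_from_string(raw_email)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    signs = []
    if sender not in known_domains:
        near = [d for d in known_domains if edit_distance(sender, d) <= 2]
        signs.append(f"misspelled domain: {sender} (expected {near[0]})" if near
                     else f"unfamiliar domain: {sender}")
    if reply_to and reply_to != sender:
        signs.append(f"replies go elsewhere: {reply_to}")
    # The "hover" check: compare where a link really goes with what its text shows.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>',
                                 msg.get_payload(), re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text.lower())
        if shown and shown.group(1) != host:
            signs.append(f"link shows {shown.group(1)} but opens {host}")
    return signs

print(warning_signs(SAMPLE, {"corp.example"}))
```

A message that passes these checks can still be a scam, for example when it is sent from a compromised account, so confirming through another channel still applies.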

Update, update, and update!

Making sure your software and security systems are up to date can help keep you protected from spear phishing, as well as other risks. Software updates grant you access to new features, fix bugs and glitches and keep your personal information secure. All of this helps to defend you against cyber attacks.


Spear phishing scams are common and can result in the loss of important information or money. Keep an eye out for warning signs like strange emails or links, as well as requests that are odd or of unusual urgency. Limiting how much information you share publicly on your social media profiles, being cautious if something seems off and regularly updating your software and security systems can help keep you safe from spear phishing. Remember, don’t get reeled in – if it seems “phishy”, don’t bite!

Note i: Bulletin: 2020 Top 10 Frauds Targeting Canadians, Canadian Anti-Fraud Centre, February 1, 2021
