What is spearphishing? How do you set up effective protection?

by Stephane

Anyone can be the target of computer attacks. As technology develops, hacking techniques, the nature of computer viruses and the methods employed by hackers are constantly evolving. You’ve probably heard of phishing! But are you familiar with spearphishing?

Are you an IT manager or the director of a company, association, bank or corporation? You need to be aware of the various threats to the security of your business and your digital data.

What is phishing? What is spearphishing? What are the differences between the two?

With regard to phishing

Phishing is a hacking technique used by computer hackers to obtain personal or business information such as passwords, access codes, bank details…

Hackers who use this technique often use a classic technique of sending emails to their victims, asking them to log on to fake pages or download malware. Once the username and password have been entered by the victim, the hacker recovers this valuable and sensitive information. Hackers exploit this digital data to make online purchases, or even to sell it for industrial espionage.

With regard to spearphishing

The term spear phishing can be translated as “targeted phishing”. Its principle is almost identical to phishing (impersonation of the sender). In this case, the hacker will pretend to be someone you know, or an establishment you trust or have worked with in the past. It uses several techniques to trick you into opening corrupted attachments, whether via email or a fake website. You guessed it! Spearphishing is a more sophisticated technique than traditional phishing.

Why is spearphishing used?

Hackers using spearphishing not only try to steal money, but also sensitive and personal information by entering your company’s network.

These malicious people often send emails or links to fake sites to employees, enticing them to download infected attachments. Speaphishing is used by small-time crooks and criminal organizations alike. The number of companies, banks and corporations falling victim to these cyberattacks continues to rise. For all these reasons, it’s essential to raise awareness among your staff and employees, and secure your company’s information system with new solutions and tools such as professional antivirus software.

How to identify a targeted phishing attack?

It’s not always easy to recognize and quickly detect a spearphishing attack. Targeted phishing is often based on sending a promotional offer that’s too good to be true!

Hackers can also impersonate employees of the same company or collaborators. It is therefore important to check the sender’s address before downloading any file or attachment.

Although targeted phishing is the simplest form of cyberattack, it’s also one of the most effective and dangerous!

Targeted phishing: risks for banks and businesses

Spearphishing targets companies, institutions and banks. Cybercriminals aim to gather as much sensitive information as possible for online purchases, to damage a company’s reputation or for industrial espionage.

The consequences of targeted phishing can be irreversible and disastrous. All digital data are targets for phishing (banking data, cash flow data, production data, research and development plans, completed transactions, corporate development strategy, etc.). A study by the Ponemon Institute estimates that the average cost of stolen digital data for a company is around 148 euros.

In addition to the financial impact, spearphishing can damage a company’s reputation, leading to problems with customers and employees, and a freefall in sales.

How can you protect your company and employees from speaphishing attacks?

Conventional security methods and techniques are insufficient to counter targeted phishing attacks. Several more stringent measures need to be put in place to ensure optimum protection of your IT assets against spearphishing attacks. To guard against this threat, you need to start by educating your staff and employees about IT risks. Speaphishing mails should never land in their inboxes. You therefore need to set up one or more IT tools to filter incoming messages on your company’s mail server. You can also install professional antivirus and antimalware software like ALTOSPAM to protect all mailboxes on your company network.

Employees should always adopt the right reflexes by remaining vigilant and reporting suspicious emails to IT managers. The use of personal e-mail must also be strictly controlled at work. Computer workstations on which employees consult their personal e-mail are becoming more vulnerable to computer attacks and spearphishing attempts.


According to a report entitled “Internet Crime Report” produced by the FBI in 2018, companies’ financial losses due to phishing exceed 100 million euros / year in the USA alone. Spearphishing attacks are on the rise exponentially. To prevent your company from becoming one of the victims of these attacks, you need to focus on these 3 points: Raising team awareness, implementing an effective IT security strategy, investing in new hardware and new, more effective solutions. In short, prevention is better than cure!

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …