What are the differences between Phishing and Spear Phishing?

Let us understand the concepts of Phishing and Spear Phishing before learning the differences between them.


It is generally done to obtain sensitive information like credit card pins, email id password, social messaging site password .It is a technique or method by which the attacker tries to access the data of a normal person, company or any institution and steals the information.

It is done by sending page to user via email or SMS that is similar to the original web page and user login to that fake page and enter details and these details are then fetched by hackers

Phishing is general practice by which the attackers randomly target the group of users by sending emails to steal the data or information. These Emails look like these have originated from banks, social media like Facebook sites etc.

These phishing techniques vary into different categories like Spear Phishing, Vishing, SMishing etc.

Spear phishing

It is the most convenient method of targeting a specific user or company to get access illegally and steal the data or information.

Unlike the general phishing which is a broad, automated attack that is less sophisticated, on the other hand Spear Phishing is a customized attack on a specific employee, user or company.

The attacker uses the medium through which the attacker sends the emails, links contained with malware to the targeted user, employee or company.

As the user opens the links or emails, Malware gets downloaded to their system and therefore the attacker steals the sensitive information like Bank Details, Credit card information, Login passwords etc.

Given below are some incidents in which the user has been hacked by the use of Spear Phishing −

  • In 2016, Russian Hacker Group stole and published private information about the U.S Olympic Athlete like SIMON BILES.

  • In 2014, a Hacker stole Photos of celebrities like JENNIER LAWRENCE and KATE UPTON.

  • “DON’T GET FOOLED” the legal and Lawful never ask for sensitive information through Emails.


The major differences between Phishing and Spear Phishing are as follows −

PhishingSpear Phishing
Phishing emails use a broad-strokes approach which involves sending bulk emails to massive lists of unsuspecting contacts.
Spear phishing is personalised and targeted to a specific individual, or organization.
phishing is low-effort and not tailored to every victim
Spear phishing takes much more work but is significantly more rewarding when successful
There are scores of victims with phishing
Handful of victims involved in spear phishing attack
Phishing is an automated attack
Spear Phishing is a manual attack.
Phishing is less sophisticated.
Spear Phishing is more sophisticated.
Generally Phishing is done for money
Spear Phishing is done to ruin an organization.