What Is Spear Phishing

Spear phishing is a form of fraud where cybercriminals target a specific person or business in a phishing attack. It’s one of many different types of phishing. It can pose a serious threat to individuals and organizations.


In this article, we’ll explain spear phishing, how it works, and how you can stay safe.

Before we start:


Have you been the victim of a spear phishing attack? Your Mac’s security may have been compromised. MacKeeper’s Antivirus scans your system and alerts you if there are any threats.

  1. Download MacKeeper and install it on your Mac.
  2. Open MacKeeper and select Antivirus in the left navigation bar.
  3. Click Start Scan.
  4. Delete any malicious files.

Definition of spear phishing attack

A spear-phishing attack is a targeted scam where a scammer poses as someone reputable to steal personal details or send malware. Spear phishing scams are addressed to individuals or organizations directly.


Unfortunately, this means they’re often successful.


Cybercriminals may pose as coworkers, family members, or trusted organizations such as your bank or government agencies. They may ask for personal information, tell you to transfer money, or encourage you to download malware.

Note from our experts: Not all targeted phishing attacks take place online. Scammers may also use text messages or phone calls.

The difference between phishing and spear phishing

Phishing is a scam where someone poses as a trustworthy person or organization. They may want to steal money or information or install malware on your system. They usually contact many people at once. However, spear phishing is personalized.


Scammers conducting spear phishing attacks target specific people or organizations. They may only contact you or others in your organization, rather than hundreds of people.


Cybercriminals carrying out general phishing attacks hope that they'll catch some victims by contacting enough people at once. There are many different types of phishing attacks, like the Apple ID scams.


However, spear phishing personalizes the attack. Victims are more likely to believe an email directly addressed to them from an apparently reputable source.

How does spear phishing work

Spear phishers put in some research time before beginning their scams.


Nowadays, it’s easier than ever to find information online. If you use Facebook, LinkedIn, or other social media sites, scammers may see where you work, live, and contacts. Your organization’s website or LinkedIn page may have a list of executives.


Once a scammer selects their target, social media and company websites can give them all the information they need to sound like a reputable contact. They rely on these social engineering tactics to sound trustworthy.


How does spear phishing work?

  1. Scammers research their targets online.
  2. They attack, emailing them and posing as a contact.
  3. They might ask for personal details, send links to fake login pages, or ask for urgent payments.

Signs of targeted spear phishing attacks

Fortunately, there are some common signs of spear phishing scams. Do any of these apply to the email you’ve received?

  1. Haste without reason
  2. Invalid email address
  3. Mistakes in text
  4. Attempts to obtain private information
  5. Links with a suspicious address
  6. Strange attachments

1. Haste without reason

Have you received an email that’s asking you to do something urgently? It might set an unrealistic deadline or claim that a payment is late. It may say a friend has lost their wallet or passport, or their phone is about to die—anything that pushes you to act quickly.


Cybercriminals know that giving you time to think also gives you time to reconsider. They’re more likely to get what they want if they tell you to act fast.

Hint from our team: These tactics can also be used for phishing scams over the phone—some scammers convince their victims to immediately withdraw money or purchase items for them.

2. Invalid email address

If the email claims to come from someone you know or trust, check whether the address is right.


If you aren’t sure what the correct address is, do a Google search. You may learn that emails from your bank will come from an email address ending in, so if you’ve received an email that looks different, it may be a targeted phishing attack.

3. Mistakes in text

Official emails from reputable companies should be well-written. At the very least, everything should be spelled correctly!


Look at the email and ask yourself:

  • Is your name spelled incorrectly?
  • Are there other spelling mistakes in the text?
  • Are there grammar mistakes, or places where the text just doesn’t sound right?

If you’ve answered yes to these questions, the email might be a phishing scam.

4. Attempts to obtain private information

Does the email ask for personal information? It may encourage you to open a link and fill in your details or download an attachment containing a form. Some emails may claim this is so you can receive a tax refund, send money to a relative, or update your company’s payroll records.


These might all be signs of targeted phishing attacks.


Even if the email appears to come from a trustworthy person, don’t share your bank account information, credit card details, or social security numbers unless you can verify that it’s genuine.

5. Links with a suspicious address

If there are any links in the email, do they go where they claim?

Important: Hold your cursor over the link to find out the address.

Cybercriminals might make fake login pages, forms asking for personal information, or sites asking you to make a payment. If an email claims to come from your bank or a trusted retailer, links in the message should take you to their website. If they don’t, the email could be a scam.

6. Strange attachments

Are you expecting to receive an attachment? Does the email explain what the attachment is? And does it sound plausible, coming from this sender?


Be wary of forms that ask for personal information, bank details, or information about your company.


If the sender claims to be someone you trust, contact them directly to ask about the attachment before opening it or following instructions.

Attention: Remember, even if it’s not a phishing email, attachments may still contain malware.

How to scan email attachments for malware before opening them:

  1. Save the attachment, but don’t open it.
  2. Open MacKeeper.
  3. Go to Antivirus and choose Custom Scan.
  4. Select your file, and choose Start Scan.
  5. If the file is infected, delete it.
MacKeeper's Antivirus screen. If you notice signs of targeted spear phishing attacks in an email, scan attachments before opening them.
Step 1. In MacKeeper, choose Antivirus and select Custom Scan.
MacKeeper's Custom Scan page. If you notice signs of targeted spear phishing attacks in an email, scan attachments before opening.
Step 2. Add items to the scan, and select Start Scan.
MacKeeper's Antivirus, with no threats found. If you experience targeted spear phishing attacks in an email, scan attachments before opening them.
Step 3. Take action if there are any threats.

How to prevent spear phishing

Much of the advice about preventing spear phishing scams is similar to the guidance on how to prevent phishing in general.


However, because spear phishing targets you as an individual or a member of an organization, it’s easy to let your guard down. That’s how so many victims get tricked each year.


Here are some guidelines to reduce your risk of becoming a victim of a targeted phishing attack:

  1. Be careful opening emails from strangers
  2. Security awareness on the internet
  3. Learn what the basic spear phishing tactics look like
  4. Multi-factor and adaptive authentication
  5. Security software
  6. Use VPN
  7. Keep your software up to date
  8. Use a password manager
  9. Use strong passwords
  10. Install antivirus software

1. Be careful opening emails from strangers

When you receive an email from a stranger, look critically at it. Are they asking you to do something for them or give them information? Have they included suspicious links or attachments?


However, as we’ve seen, even emails that appear to come from trusted contacts can be part of a spear phishing scam.

2. Security awareness on the internet

A lot of cybercriminals research targets on social media. We’re not advising you to stay off social media entirely, but you should be conscious of the phishing security risks.


Staying safe on social media means the following:

  1. Look at your privacy settings. What information can others see? Can they see your contacts before sending a connection request?
  2. Be careful who you add to your networks. Avoid connecting with strangers.
  3. Be thoughtful about what you post. Limit the personal information that you post, so scammers can’t use it against you. Listing your company on LinkedIn might be important, but you can avoid mentioning your child’s school.

3. Learn what the basic spear phishing tactics look like

In this article, we’ve explained what spear phishing is and how to spot some of the techniques.


Spear phishing relies on the fact that we want to trust and help people. But stay wary—remind yourself of how people may try to steal information or harm your system.

4. Multi-factor and adaptive authentication

Some scammers may get information about you by hacking into your email or other online accounts. Making it harder for cybercriminals to access your accounts can reduce this risk.


Multi-factor authentication requires you to use more credentials than just a username and password—perhaps an authentication app on your phone.


Adaptive authentication asks for more credentials when you log in from a new location or device.

5. Security software

When people think of security software, they may think of antivirus protection. However, security software can do much more.


Some Mac security software contains features such as:

  • Real-time malware scanning and removal as the basics
  • Cleaning services such as smart uninstallers, duplicate file finders, and ways to find and delete unwanted files
  • Performance-enhancing features, including ways to remove login items and clear your Mac’s memory
  • Privacy features, such as information about data breaches and ID theft, and VPN services

MacKeeper includes all of these. Its easy-to-use scans will let you know quickly whether your Mac has been compromised.


Install and use MacKeeper to keep your Mac safe:

  1. Download MacKeeper.
  2. Open the installer file and follow the instructions on the screen to install it.
  3. Open MacKeeper from the menu bar, Launchpad, or Dock.
The Install MacKeeper window on a Mac. Part of a guide on how to prevent spear phishing by installing security software.
Step 1. Download MacKeeper, and launch the installer file. Follow the steps on screen.
The Dock on a Mac, with the MacKeeper logo highlighted. Part of a guide on how to prevent spear phishing by installing security software.
Step 2. Launch MacKeeper from the Dock (pictured), Launchpad or menu bar.

6. Use VPN

A VPN (virtual private network) can increase your security online, making it harder for hackers to track you. It won’t stop people from researching your social media or sending unsolicited emails, but it can stop cyber criminals from watching your browsing habits.


How to use MacKeeper’s VPN:

  1. Open MacKeeper.
  2. In the left sidebar, choose VPN Private Connect.
  3. Choose your server location, and click Turn On.
MacKeeper's VPN service, Private Connect. Part of a guide on how to prevent spear phishing by using a VPN.

7. Keep your software up to date

Software companies regularly update their software to patch security vulnerabilities. Download the latest versions to ensure you’re not leaving your computer vulnerable to cybercriminals.


MacKeeper has a handy Update Tracker that helps keep your software current.


Use MacKeeper’s Update Tracker:

  1. Open MacKeeper.
  2. In the left sidebar, choose Update Tracker.
  3. Look at the app updates available, select the ones you want, and choose Update.
MacKeeper's Update Tracker, with updates listed. Part of a guide one how to prevent spear phishing.

8. Use a password manager

It’s important to use strong passwords and not repeat the same one—if one password is breached, hackers won’t have access to all of your online accounts.


However, we know that it can be hard to remember multiple passwords. Fortunately, password managers can help. They store your passwords, and you only need to remember the password for the password manager!


Your browser will probably have an in-built password manager. There’s also a variety of free and paid options available to download.

9. Use strong passwords

Even if you don’t use a password manager, make sure your passwords are strong.


Top tips for strong passwords:

  1. Don’t use the same password on multiple websites.
  2. Make your password long—the CISA recommends at least 16 characters.
  3. Don’t use anything easy to guess, like your child’s name or your birthday.
  4. Use a mixture of upper and lower case letters, numbers, and punctuation.
  5. Replace letters in a word or phrase with numbers or punctuation—make it easy for you to remember but hard for someone else to guess.

10. Install antivirus software

Antivirus software can’t prevent email scams, but it can help if you’ve fallen victim to a scam and downloaded malware. Scan your Mac regularly.


Use MacKeeper’s Antivirus to check for malware:

  1. Open MacKeeper.
  2. Choose Antivirus in the sidebar.
  3. Click Start Scan.
  4. If the scan finds any malware, choose Delete.
MacKeeper's Antivirus, as part of a guide on how to prevent spear phishing.
Step 1. Open MacKeeper and choose Antivirus. Choose Start Scan.
MacKeeper's Antivirus scanning a Mac. Two threats have been found. Part of a guide on how to prevent spear phishing.
Step 2. MacKeeper will scan your system.
MacKeeper's Antivirus, with two malicious files selected for deletion. Part of a guide on how to prevent spear phishing.
Step 3. Select any threats and choose Delete. Confirm that you want to delete them.

Final words

We know that email scams can be confusing—and scary. What is spam? What is spear phishing, and how can you avoid it?


If a targeted phishing attack has tricked you, you’re not alone.


Speak to law enforcement or your company or bank, if necessary. Download comprehensive security software and familiarize yourself with the signs of a phishing attack to avoid it happening again.

Use your Mac to the fullest! Sign up and get:
Effective tips on how to fix Mac issues
Reliable advice on how to stay safe online
Mac-world news and updates

Thank you!

You’ll love exploring your Mac with us.

Oops, something went wrong.

Try again or reload a page.

Here’s another sign you need to upgrade your macOS ASAP:

30% off your MacKeeper subscription

Сopy the code now and use it in the MacKeeper checkout after the upgrade.

Copy Code

Please be aware that this code cannot be combined with any other discounts, offers, or promotions.



MacKeeper - your all-in-one solution for more space and maximum security.

Try Now

Read more

Spyware on Mac
Spyware on Mac
How to Change Privacy Settings on Mac
How to Change Privacy Settings on Mac

Run Application


Click Continue


Click Install


Your macOS version is lower than OS 10.11. We’d like to offer you MacKeeper 4 to solve the cleaning, privacy, and security issues of your macOS.