10 Examples of Spear Phishing Attacks
This blog defines spear phishing, explains how it works, and provides 10 common examples of spear phishing attacks. It also compares individual and business spear phishing and shares 5 best practices to defend your organization against this cyber threat.
In 2025, spear phishing continues to be a major cybersecurity threat. This type of attack targets specific individuals within organizations using personalized emails to deceive them. These attacks often result in significant financial losses and data breaches.
- Spear phishing attacks pose significant cybersecurity risks, leading to substantial financial losses, operational disruptions, and reputational damage.
- Between 2013 and 2022, the FBI's Internet Crime Complaint Center (IC3) reported over $50 billion in losses due to compromised email incidents, including spear phishing attacks.
- In 2023, 64% of financial services organizations experienced ransomware attacks, with many originating from spear phishing emails, leading to significant operational downtime and recovery costs.
These phishing statistics underscore the critical need for robust cybersecurity measures to mitigate the risks associated with spear phishing attacks.
How Does Spear Phishing Work?
Spear phishing is a targeted phishing attack that tricks the victim by pretending to be a trusted source.
Attackers gather personal and professional information about their target from social media and company websites. Using this information, they craft a fake email that appears to come from a trusted source, such as a colleague or business partner, and include personalized details to enhance its credibility.

The email contains a malicious attachment or a link to a fake website. When the target opens the attachment or clicks the link, malware is installed, or the target is asked to enter sensitive information. The malware then steals sensitive information like login credentials and financial data, or the stolen information is used to access secure systems and networks.
With the stolen credentials or access, the attacker performs malicious activities such as transferring funds, stealing data, or launching further attacks within the organization. They may also send more phishing emails from the compromised account. Finally, the attacker covers their tracks by deleting sent emails and using tools to hide their identity and location.
Understanding this process helps develop effective defense measures against spear phishing in cybersecurity.
10 Examples of Spear Phishing
There are various kinds of spear phishing attacks, each exploiting different weaknesses to trick targets. Here we list 10 widespread spear phishing examples:

1. Business Email Compromise (BEC)
- Scenario: In a Business Email Compromise (BEC) scenario, an attacker impersonates a company executive and emails the finance department requesting a wire transfer.
- Real Case: In February 2025, the FBI in Houston, in collaboration with the Dutch National Police, seized 39 online domains associated with the sale of hacking and fraud-enabling tools. Operating since 2020, the group known as "Saim Raza" or "HeartSender" provided phishing kits and other tools to transnational crime groups, resulting in approximately $3 million in losses for U.S. victims. These tools were instrumental in executing BEC schemes and stealing online credentials (Source: Houston Chronicle).
2. Whaling
- Scenario: A spear phishing attack targeting high-profile individuals like CEOs or CFOs.
- Real Case: In June 2024, Iranian state-sponsored hackers, identified as Mint Sandstorm (also known as Charming Kitten or APT35), launched a spear-phishing attack against a high-ranking official in a U.S. presidential campaign. The attackers used a compromised email account to send a malicious link, aiming to gather intelligence and potentially influence the electoral process. This incident highlights the use of whaling techniques to infiltrate political campaigns and access sensitive information (Source: Axios).
3. Fake Invoices
- Scenario: An attacker sends a fake invoice to the accounting department, appearing to come from a legitimate vendor.
- Real Case: In November 2024, threat actors abused DocuSign's Envelopes API to create and distribute counterfeit invoices resembling legitimate documents from well-known brands like Norton and PayPal. Because the fake invoices were sent from authentic DocuSign domains, they bypassed traditional email security measures. Victims, believing the invoices to be genuine, were tricked into authorizing unauthorized payments (Source: Cyber Material).
4. Stealing Login Credentials
- Scenario: An attacker sends an email with a link to a fake login page to steal credentials.
- Real Case: In October 2024, the Russian state-sponsored group known as Midnight Blizzard (also referred to as APT29 or Cozy Bear) launched a sophisticated spear phishing campaign. The attackers sent highly targeted emails to individuals in sectors such as government, academia, defense, and non-governmental organizations. These emails contained malicious Remote Desktop Protocol (RDP) configuration files, which, when executed, connected victims' devices to servers controlled by the attackers, facilitating unauthorized access and potential credential theft (Source: Microsoft).
5. Spear Phishing for Malware Delivery
- Scenario: An email with a malicious attachment that installs malware when opened.
- Real Case: Since June 2024, the China-linked threat actor known as MirrorFace has been conducting spear-phishing campaigns primarily targeting individuals and organizations in Japan. The attackers delivered backdoors named NOOPDOOR and ANEL through carefully crafted spear phishing emails. These malware variants provided persistent access to compromised systems, allowing for extensive surveillance and data theft (Source: The Hacker News).
6. Impersonation of Trusted Contacts
- Scenario: An attacker hacks into a trusted contact’s email account and sends spear phishing emails to their contacts.
- Real Case: In 2018, the City of Atlanta was hit by a ransomware attack initiated through spear phishing emails sent from compromised accounts of trusted contacts, leading to the encryption of city data and systems.
7. Fake Job Offers
- Scenario: An attacker sends a fake job offer email to gather personal information or install malware.
- Real Case: In 2019, North Korean hackers used fake job offer spear phishing emails to target security researchers, convincing them to download malware presented as job-related documents, resulting in compromised systems and data.
In August 2024, a spear phishing campaign targeted recruitment officers with emails containing malicious files disguised as resumes. Upon downloading and executing these files, victims inadvertently installed the More_eggs backdoor, a malware-as-a-service tool used to steal sensitive information, including online banking and email credentials. This campaign, attributed to the Golden Chickens group, underscores the risks associated with handling unsolicited job applications (Source: The Hacker News).
8. Tax-Themed Phishing
- Scenario: An attacker sends an email posing as the Internal Revenue Service (IRS) or a tax service provider during tax season.
- Real Case: In April 2024, the Internal Revenue Service (IRS) highlighted a surge in spear-phishing attacks aimed at Certified Public Accountants (CPAs) and tax preparers. Fraudsters posed as potential clients, sending spear phishing emails that included malicious attachments or links. When opened, these deployed malware designed to capture login credentials, granting attackers unauthorized access to sensitive taxpayer data. The IRS emphasized the importance of vigilance, especially during tax season, to combat these sophisticated schemes (Source: McDonald Hopkins).
9. Targeted Attacks on Suppliers
- Scenario: An attacker sends spear phishing emails to a company's suppliers to gain access to the company’s network.
- Real Case: In February 2024, Pepco Group, a prominent European retailer, lost approximately €15.5 million to a sophisticated spear phishing attack. Cybercriminals crafted convincing emails that impersonated legitimate employee communications, deceiving the finance department into authorizing fraudulent money transfers. The attackers likely utilized advanced AI tools to create emails free of spelling errors and closely mimicking the tone of genuine correspondence, making the deception difficult to detect (Source: Memcyco).
10. Spear Phishing for Trade Secrets
- Scenario: An attacker targets company employees to steal sensitive information or trade secrets.
- Real Case: In October 2024, OpenAI reported a spear-phishing attempt by a China-based group known as 'SweetSpecter.' The attackers sent spear phishing emails containing malware-laden attachments to OpenAI employees, aiming to infiltrate systems and access proprietary AI research and development data. This incident underscores the persistent efforts by nation-state actors to acquire trade secrets through targeted phishing campaigns (Source: Tech Times).
Being familiar with these different spear phishing examples is important for enhancing defenses against spear phishing in cybersecurity. By recognizing the specific methods used, organizations can better protect themselves and reduce the risk of falling victim to spear phishing scams.
Check out our guide to learn more about 2025 common phishing examples.
Comparing Examples of Spear Phishing: Individual vs Business Spear Phishing

Spear phishing attacks can target individuals or businesses, each with unique characteristics and methods. Understanding the differences between these types helps develop effective defense strategies.
Individual spear phishing focuses on single individuals, exploiting personal information and relationships for financial gain, identity fraud, or personal data theft. Attackers use personalized emails, emotional manipulation by impersonating friends or family, and fake login pages to steal credentials.
Business spear phishing targets employees within an organization, especially those with financial authority or access to sensitive information. The motivation is to achieve larger financial rewards, steal corporate secrets, or disrupt business operations. Common tactics include business email compromise (BEC), where high-ranking executives are impersonated to request wire transfers, and whaling, which targets senior executives with highly personalized emails. Supply chain attacks involve sending spear phishing emails to a company's suppliers or partners to gain network access.
The impact of individual spear phishing is usually limited to financial loss, identity theft, or personal data breaches. In contrast, business spear phishing can affect the entire organization, leading to significant financial losses, data breaches, operational disruptions, and reputational damage.
Importance of Incorporating Spear Phishing Simulations into Awareness Training
Incorporating spear phishing simulations into security awareness training is important for several reasons:
- Realistic Practice: Phishing simulations provide a safe environment for employees to experience spear phishing email attempts, helping them recognize and respond to real threats more effectively.
- Increased Awareness: Regular simulations keep employees aware of spear phishing risks, helping them stay alert and cautious.
- Identifying Weaknesses: Simulations help identify employees who may need additional training and highlight common vulnerabilities within the organization that need addressing.
- Improved Response: Practicing with spear phishing simulations enhances employees' ability to quickly and correctly identify and report spear phishing emails, reducing the likelihood of successful attacks.
- Metrics and Improvement: Tracking the results of simulations provides valuable metrics on employee performance and the effectiveness of training programs, allowing for continuous improvement.
How to Prevent Spear Phishing?
Preventing spear phishing requires a multi-layered approach, combining user education, technical defenses, and continuous monitoring. Here are 5 best practices to prevent spear phishing in organizations:

- Regular Employee Training: Educate employees on spear phishing tactics and how to recognize suspicious emails through ongoing training and simulations.
- Implement Advanced Email Security Measures: Use email filtering solutions with machine learning and AI to detect and block threats and automatically scan email attachments and links.
- Enforce Multi-Factor Authentication (MFA): Require MFA for email accounts and critical systems to prevent unauthorized access, even if login credentials are compromised.
- Adopt Email Authentication Protocols: Use SPF, DKIM, and DMARC to verify the authenticity of incoming emails and protect against email spoofing.
- Establish Clear Reporting and Response Procedures: Provide a straightforward way for employees to report suspicious emails and ensure the security team responds promptly.
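SPF and DMARC only stop spoofed mail if the published records are strict; a record with `?all` or `p=none` is monitoring, not protection. The following is an added example, not code from the original post or from Keepnet, that checks TXT records for the weak settings a reviewer would flag and shows a weak domain beside a correctly configured one. The `weak.example` and `strong.example` domains and their records are constructed samples, not real DNS data.

```python
"""Evaluate SPF and DMARC TXT records for weak settings (added example)."""
import re

# Constructed sample TXT records, keyed by the DNS name they would be published at.
SAMPLE_DNS = {
    "weak.example": "v=spf1 include:_spf.mailhost.example ?all",
    "_dmarc.weak.example": "v=DMARC1; p=none; pct=50",
    "strong.example": "v=spf1 include:_spf.mailhost.example -all",
    "_dmarc.strong.example": (
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@strong.example; "
        "adkim=s; aspf=s"
    ),
}


def parse_tag_value(record):
    """Split a 'k=v; k=v' style DMARC record into a dict with lowercased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record):
    """Return a list of findings for an SPF record; an empty list means no issue."""
    findings = []
    if not record or not record.lower().startswith("v=spf1"):
        return ["no SPF record published"]
    terms = record.split()
    all_term = next((t for t in terms if t.lstrip("+-~?").lower() == "all"), None)
    if all_term is None:
        findings.append("no 'all' mechanism: unlisted senders are treated as neutral")
    elif all_term in ("all", "+all"):
        findings.append("'+all' permits any sender to pass SPF")
    elif all_term == "?all":
        findings.append("'?all' is neutral: spoofed mail is not rejected")
    # '~all' (softfail) is acceptable alongside DMARC; '-all' is the strict setting.
    # RFC 7208 limits a record to 10 mechanisms that trigger DNS lookups.
    lookup_terms = [
        t for t in terms
        if re.match(r"^[+\-~?]?(include|a|mx|ptr|exists)(:|$)", t.lower())
    ]
    if len(lookup_terms) > 10:
        findings.append("more than 10 DNS-lookup mechanisms: record evaluates to permerror")
    return findings


def check_dmarc(record):
    """Return a list of findings for a DMARC record; an empty list means no issue."""
    findings = []
    if not record or not record.lower().startswith("v=dmarc1"):
        return ["no DMARC record published"]
    tags = parse_tag_value(record)
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is only monitored, never blocked")
    elif policy == "quarantine":
        findings.append("p=quarantine: move to p=reject once aggregate reports are clean")
    elif policy != "reject":
        findings.append("missing or invalid p= tag")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of the mail stream")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


def assess_domain(domain, dns=SAMPLE_DNS):
    """Look up a domain's SPF and DMARC records in `dns` and return findings per protocol."""
    return {
        "spf": check_spf(dns.get(domain)),
        "dmarc": check_dmarc(dns.get(f"_dmarc.{domain}")),
    }


if __name__ == "__main__":
    for name in ("weak.example", "strong.example"):
        print(name, assess_domain(name))
```

To run this against live domains, replace the `dns` dictionary with real TXT lookups (for example via `dnspython`); the checks themselves do not change. The weak domain produces four findings (neutral `?all`, `p=none`, `pct=50`, no `rua`), the strong one produces none.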
These practices will significantly enhance an organization's defense against spear phishing attacks.
Enhance Your Defenses with Keepnet’s Spear Phishing Awareness Training
Strengthen your defenses against spear phishing with the Keepnet Phishing Awareness Training.
Applying Security Awareness Training is important for companies to protect their organization against spear phishing attacks. Employees can easily fall victim to sophisticated phishing schemes without such training, leading to significant data breaches, financial losses, and reputational damage. Inadequate protection can result in costly regulatory fines and long-term disruption to business operations and customer trust.
Keepnet Security Awareness Training offers:
- Extensive Awareness Training Options: Access to over 2000 training modules from 12+ content providers, ensuring up-to-date and effective training specifically designed to address spear phishing.
- Behavior-Based Training: Innovative phishing simulators cover incorrect behaviors across multiple areas (vishing, smishing, quishing, callback phishing, and MFA) to prevent future spear phishing mistakes and potentially save up to $1 million annually.
- User-Centric Experience: Trusted by over 2 million users, offering SCORM-compliant training packages that integrate with existing LMS for flexibility, focusing on spear phishing awareness.
- Engaging Training Methods: Uses gamification, storytelling, leaderboards, and custom certificates to make spear phishing training interactive and memorable.
- SMS Training Delivery: Ideal for employees with limited internet access, and provides detailed reporting to track progress and effectiveness in spear phishing prevention.
- Specialized Training: Includes materials for regulatory compliance (HIPAA, GDPR, etc.) and tailored content for different roles within the organization, enhancing relevance to spear phishing threats.
- Automated and Customizable Content: Automates training based on behavior and allows the creation of custom training materials specifically targeting spear phishing.
- Interactive Learning Path: Keepnet enhances learning by incorporating simulations and gamified experiences into a structured learning path, engaging employees and improving their understanding and retention of cybersecurity concepts.
- Security Behavior and Culture Programs: Empowers organizations to foster a strong culture of cybersecurity awareness by identifying risky behaviors, delivering targeted interventions, and encouraging positive change.
- Human Risk Scores: By analyzing employee behavior in real-world simulations, Keepnet assigns risk scores to highlight areas of vulnerability and measure improvements over time. This helps organizations benchmark their security posture and prioritize resources where they are needed most.
- Outcome-Driven Metrics: Provides actionable insights to measure the effectiveness of training programs and simulations, focusing on reducing risky behaviors and improving employee responses to cyber threats.
- Protection Level Agreements (PLAs): A unique feature that helps organizations set measurable goals for reducing their human risk scores and improving employee performance in phishing simulations and cybersecurity awareness training. PLAs ensure that security programs deliver tangible, benchmarkable results over time.
- Security Nudges: Uses behavioral psychology to provide timely, contextual reminders that encourage employees to adopt safer cybersecurity habits, reducing risky behaviors.
- Gamification: Enhances engagement through interactive challenges, rewards, and leaderboards, making security awareness training more effective and enjoyable.
With Keepnet Extended Human Risk Management platform, organizations can build a strong security culture and effectively enhance their defenses against spear phishing and other cyber threats.
Editor's Note: This article was updated on February 18, 2025.