Spear phishing is targeted phishing, the use of spoof emails to persuade people within a company to reveal sensitive information or credentials.

Unlike phishing, which involves mass-emailing, spear phishing is small-scale and well-targeted. The spear phisher emails users in a single business. The emails may appear to come from another staff member at the same company and ask you to confirm a username and password. A common tactic is to pretend to be from a trusted department that might plausibly need such details, such as IT or Human Resources. Sometimes you are redirected to a bogus version of the company website or intranet.