# Spear Phishing **MITRE ATTACK layer: Initial Access** Spear phishing is a targeted social engineering attack where an attacker crafts highly personalized messages to a specific individual or team, increasing the likelihood of trust and interaction. ## How is Spear Phishing abused Attackers research the target using public data, breached information, or internal context, then send tailored emails or messages containing malicious links, attachments, or credential-harvesting pages. ## Why Spear Phishing matters Because of its precision and legitimacy, spear phishing often bypasses user suspicion and security controls, leading to credential theft, unauthorized access, lateral movement, or targeted ransomware deployment. ## Real-world example ### Credential Theft via SharePoint Phishing Microsoft warned of sophisticated phishing campaigns targeting energy firms that began with spear-phishing emails from compromised accounts linking to fake SharePoint login portals, which harvested credentials and enabled persistent access. [Source](https://www.techradar.com/pro/security/microsoft-sharepoint-exploited-to-hack-multiple-energy-firms?utm_source=chatgpt.com) ## Related topics ### Phishing [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/phishing.html) ### Whale Phishing [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/whale-phishing.html) ### Advanced Persistent Threat [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/advanced-persistent-threat.html) ## Additional Resources ### Achieve 442% ROI and reduce patching time by 95% — Forrester TEI Report See how organizations gained 442% ROI and major efficiency improvements with Endpoint Central. [Read more](https://www.manageengine.com/products/desktop-central/forrester-total-economic-impact-uems.html?utm_source=ec-attackglossary) ### Experience enterprise-grade protection proven in real-world tests — AV-Comparatives Report Discover how Endpoint Central’s antivirus earned recognition through rigorous, real-world security validation in just eight months. [Read more](https://www.manageengine.com/products/desktop-central/malware-protection-av-comparatives-dec2025.html?utm_source=ec-attack_glossary) ### Simplify endpoint security and build cyber resilience — Endpoint Security For Dummies Get a clear, practical guide to understanding threats and strengthening your organization’s security. [Read more](https://www.manageengine.com/products/desktop-central/endpoint-security-for-dummies.html?utm_source=ec_attack-glossary)