Phishing vs. Spear Phishing

The difference between phishing and spear phishing is that phishing is a more generic attack that goes to a broad group assuming that at least one person will act and provide usable information. Spear phishing is more targeted and may include information specific to an individual or company, generally gathered from publicly available information or information learned through a broader phishing event. In either case, employees should be trained to recognize these types of attacks and escalate appropriately. Social engineering poses the greatest threat to any organization and can often act as footholds to much larger attacks.