Glossary / Fraud & scams
Spear Phishing
Spear phishing is a targeted form of phishing that uses personalised details about a specific individual or organisation to make the fraudulent message more convincing.
How is spear phishing different from ordinary phishing?
Where ordinary phishing is sprayed at thousands of inboxes, spear phishing is aimed at one person or team and built from research. The attacker studies public sources such as LinkedIn, the company website, and past news, then writes a message that names real colleagues, real projects, and real suppliers. A typical Australian example targets an accounts payable officer by name, references an actual project the business is running, and asks them to action a bank detail change for a supplier they genuinely deal with. Because the details are correct, the request feels routine rather than suspicious.
Why it matters for Australian finance teams
Personalisation is what makes spear phishing so effective and so dangerous. Generic phishing red flags, such as odd greetings or irrelevant content, are deliberately absent. Finance staff are prime targets because they can move money, and a well-researched message can produce a large single loss. Spear phishing underpins CEO fraud and business email compromise, which the ACCC’s Scamwatch consistently identifies as high-cost threats to Australian organisations. The takeaway for finance leaders is that accuracy in a message is not evidence that a payment instruction is genuine.
How ezyshield helps
No matter how well researched the message, ezyshield checks the fact that decides the outcome: whether the person or business actually owns the account you are about to pay. It confirms bank account ownership before money moves and re-verifies whenever details change, so a convincing, tailored request to redirect funds is caught. ezyshield is not an email-security or training tool, so keep those defences alongside it. See how it works and how we address CEO fraud.
Also known as: targeted phishing, spear-phishing attack
Last updated: 7 July 2026
Related terms
- Phishing Phishing is a scam where fraudulent emails, texts, or websites pose as a trusted organisation to trick people into revealing passwords, financial details, or approving payments.
- Whaling Whaling is a form of spear phishing that targets senior executives, using highly tailored messages to trick them into authorising large payments or disclosing sensitive information.
- CEO Fraud CEO fraud is a scam where an attacker impersonates a senior executive, such as the CEO or CFO, to pressure staff into making an urgent payment or changing payment details.
- Business Email Compromise (BEC) Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
See also: Business email compromise , CEO fraud , Payment fraud prevention in Australia
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.