Cybercrime: phishing vs spear phishing

Self-tutoring about life in the digital age: the tutor mentions phishing and spear-phishing.

The following is according to my understanding.

I mention in my post from Jan 6, 2026, that I received an email, apparently from my email address, that I hadn’t sent. To my understanding, that would be a case of spear phishing.

Phishing and spear phishing are both tricks cybercriminals use. Both involve, generally, electronic communications such as emails, phone calls, or texts, pretending to be from a legitimate source. (By itself, the pretense is spoofing.) The perpetrator hopes that the receiver will believe the communication to be from whom it claims, so will trust it and respond in a way that reveals information. It’s the information the perpetrator wants.

Phishing is more bulk rather than personally targeted. Therefore, one can receive phishing emails that seem to be from businesses where one doesn’t even have an account. In my experience, phishing emails pretending to be from delivery companies or crypto services seem common.

Spear phishing, on the other hand, purports to be from someone familiar to the the target. Examples might be a supplier they have an account with, a work colleague, or even themselves. Perhaps somewhat alarmingly, the attacker in a spear phishing scenario already knows information that the target probably doesn’t believe is public.

When a surprising communication arrives, whoever it seems to be from, I don’t interact with it. I might check, via other channels, its legitimacy.

Moreover, I try never to click links in emails, if I can help it. Opening attachments can be hazardous as well, but that depends on the context.

Source:

ibm.com