Phishing emails are sent to very large numbers of recipients, more or less at random, with the expectation that only a small percentage will respond. An apparently official email from, say, a well-known delivery company might arrive, saying that “Your package has been delayed, click here for details.” Click the link and malware might be downloaded onto your device, or you might go to a fake website where you’re asked to enter your name, address, and social security number. That information would then be sold on the black market or used for fraud or identity theft.
Spear phishing emails are carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information—and craft a fake email tailored for that person