Secure Your Email

    Spear Phishing Protection


    Spear phishing attacks are nearly impossible to recognize 

    Highly targeted, customized spear phishing attacks are incredibly hard for people to detect — but can have devastating consequences for any size business. Employees are still falling for even garden-variety phishing attacks, even as the sophistication of these attacks is rising significantly due to techniques like social engineering. It’s more important than ever to prevent spear phishing attacks from ever reaching your end users.


    The challenges of fighting spear phishing

    Spear phishing is the go-to cyberattack technique of hacktivists, cybercriminals and nation-state attackers everywhere. So much so, in fact, that security professionals in Mimecast’s State of Email Security report consistently say their organizations face phishing attacks, with most agreeing phishing is on the rise. It’s most dangerously deployed in business email compromise scams that can cost companies millions. But it’s also an effective and inexpensive way to harvest user credentials, implant various forms of malware, bring unsuspecting users to malicious websites, impersonate trusted people and collect useful intelligence about the target organization.

    Cybersecurity awareness training is undoubtedly one of the most important ways to protect your organization from spear phishing attacks. But spear phishing emails are too difficult to identify for organizations to rely on people alone as the defense. Mimecast’s multi-layered detection technologies, including machine learning algorithms, should be a crucial part of your spear phishing solution.


    The Mimecast Solution

    Mimecast offers granular and customizable email security configurations to fit your organization’s needs and prevent advanced spear phishing threats. Mimecast’s email security solution includes machine learning tools that screen emails by looking for tell-tale patterns of fraud, so it helps detect and block spear phishing emails that:


    Include both known and unknown or new malware.


    Include malicious URLs.




    Attempt to impersonate senior staff members and push for the release of sensitive information or fraudulent money wiring.


    Impersonate well-known internet brands or external third-party organizations you do business with.


    Phishing facts you need to know, including the 5 different types of phishing attacks

    When it comes to phishing attacks, knowledge is power. Learn about spear phishing, whaling, smishing and vishing, not to mention angling. And did you know that the average wire transfer request in a spear phishing/business email compromise attack went up 14% in the first quarter of 2021 to $85,000, from $75,000 in the previous quarter? Read:

    Phishing Facts and Statistics You Need to Know

    5 Types of Phishing Attacks to Watch For


    Spear Phishing FAQs

    What is spear phishing?

    Spear phishing is a socially engineered email attack that targets a particular person, usually someone who can authorize payments or whose login credentials offer senior-level permissions within a corporate network. Thanks to social media and other public information sources, cybercriminals can learn enough about such high-ranking individuals to engineer extremely convincing scam emails. Thus, spear phishing has become a go-to cyberattack technique of hacktivists, cybercriminals and nation-state attackers everywhere. It’s most dangerously deployed in business email compromise scams that can cost companies millions — the FBI has named BEC phishing attacks as the single costliest type of cyberattack.

    What helps protect from spear phishing?

    Protecting an organization, its executives and its employees from spear phishing attacks requires a combination of techniques. Topping the list is cybersecurity awareness training that educates staff in the various spear phishing tactics used by cybercriminals. Email authentication protocols such as Domain-based Message Authentication, Reporting & Conformance (DMARC) can help identify fake addresses used for phishing attacks. Automated scanning of emails to find anomalies helps, as do machine learning tools that can spot patterns that don’t fit in with the company’s normal email flow.

    What is the most effective solution to spear phishing attacks?

    The most effective solutions to spear phishing attacks must combine all of the technology and training capabilities described in the previous answer with one more: business process controls. A system of checks and balances that requires a minimum of two different people to approve important actions, most notably payment processing, can stop scams like business email compromise.


    Related Products

    Protect against email-based threats with advanced technical capabilities

    Phishing, spam, business email compromise, malicious URLs, ransomware - these attacks continue to plague businesses. Explore Mimecast's features that protect against these ubiquitous threats.

    Email security & resilience

    Get world-class protection, offered with total deployment flexibility, with Mimecast Email Security. Our AI-powered detection blocks the most sophisticated email threats.


    Brand protection

    Safeguard your digital brand to protect employees, customers, and partners by identifying and blocking brand impersonation attacks exploiting websites similar to your own.


    Social Engineering Defense & AI Cybersecurity

    Empower users with AI-driven email warning banners surfaced and updated in real time based on risk.
