From Phishing to Spearphishing

Phishing is sending an email to trick users into giving their confidential details. The more dangerous cybercriminal opportunists do Spear phishing. Whereas regular phishing targets various users that take the bait, spear phishing is aimed at particular users or groups, ideally for financial gain. The cybercriminal needs to gather information on the user or organisation. With adequate information, he/she will send an email trying to convince the target the email’s legitimacy. The email may contain a link to a site masquerading as a password reset utility, which can potentially compromise user accounts. In the event of a successful spear phishing attack, a change of password must be immediately applied, any financial authorities must be alerted for any finance details passed on and all software on the user’s computer must be updated.

https://www.microsoft.com/en-us/microsoft-365/growth-center/resources/what-is-spear-phishing-how-to-keep-yourself-and-your-data-above-water