Who Are the Most Likely Targets of Spear Phishing Attacks?

  • By Maddie Rosenthal
  • 28 August 2020

Last year, 88% of organizations around the world experienced spear phishing attacks. But some industries and departments are more likely to be targeted than others.

In this article, we’ll identify examples of vulnerable employees, why they’re targeted, and what tactics hackers use to trick them into handing over sensitive information or initiating money transfers. 

But, before we get started, it’s important you understand the difference between phishing and spear phishing.

The difference between phishing and spear phishing

There are three key differences between phishing and spear phishing.

  1. Phishing attacks are high-volume, most often targeting hundreds or thousands of people while spear phishing attacks are low-volume, meaning only one person or a small group of people are targeted.
  2. Phishing attacks are non-personalized while spear phishing attacks are highly personalized.
  3. Phishing emails more often employ malicious links or attachments (called “payloads”) to deliver malware or capture sensitive information, while spear phishing emails don’t always carry payloads; these are called “zero-payload attacks”

For more information, including an infographic and real-world examples, read this article: Phishing vs. Spear Phishing: Differences and Defense Strategies.

Who are the most likely targets of spear phishing attacks?

When we talk about spear phishing attacks, we’re talking about a number of highly targeted attacks, including:

For more information about these different types of attacks, click the links above.  If you’re already familiar with these terms, keep reading to find out the four “types” of employees who are most likely to be targeted by spear phishing attacks in 2020.

“Note: This article combines facts and figures from several different research reports. These personas were created to educate readers on the most targeted industries, what motivates hackers, the social engineering tactics they use in different circumstances, and what makes individuals more vulnerable to scams. ”

An executive assistant (new-starter) at a Technology company

In companies with over 1,000 people, employees working in Technology are the most likely to fall for a social engineering scam. In fact, according to research, 1 out of every 2 employees will click on a suspicious link or email or obey a fraudulent request in this industry. 

These aren’t great odds.

Of course, when we’re talking about spear phishing, it’s a targeted attack. That means hackers won’t just send out bulk emails to thousands of employees. Instead, they’ll select individuals who have access to sensitive systems and data and who they think are more likely to fall for a scam.

So, who has access to sensitive systems and data? While you may immediately think of the C-Suite or someone in HR, Executive Assistants are actually a prime target. It makes sense.

  • They have access to executives’ email accounts
  • They are privy to private meetings
  • They often make travel arrangements
  • They have credit card details on file
  • They will likely be able to quickly find PII for employees
  • They will be looped in on emails containing Intellectual Property like product roadmaps and business strategies
  • They also generally have quite a bit of autonomy 

A hacker’s dream.

You may be asking yourself: Why identify this person specifically as a new-starter? Because new-starters are especially vulnerable to advanced impersonation attacks. 

They aren’t yet familiar with policies or people. They probably haven’t had security training yet. That means they’ll be less likely to confidently distinguish between a normal email and a suspicious request. They’ll also be eager to show initiative and may be less likely to push back when asked to do something unusual like emailing across bank account details or changing passwords.

And, depending on the security culture in the company, they may be apprehensive to report the suspicious email, especially if they were tricked into following a link or downloading an attachment.

  • How would a hacker know if a certain employee has recently joined?

    Spear phishing attacks and other highly targeted attacks require a bit of recon.

    Hackers will research a particular organization or person, hoping to find information that will help them craft a believable email. This could be information about the organization’s structure (for example, who a particular employee reports to) or about a particular person (for example, who started most recently). All a hacker has to do is dig around on LinkedIn and other social media networks. They can also scour a company’s website or look at recent press releases.

An office administrator working in Healthcare

While Technology is among the most vulnerable in companies with over 1,000 employees, Healthcare is among the most vulnerable across all company sizes and is also the industry most likely to experience a data loss incident involving employee misuse of access privileges.

Worse still, Healthcare has the highest costs associated with a data breaches – 65% higher than the average across all industries – and has for nine years running. Unfortunately, this doesn’t stop hackers from targeting employees like office administrators who – like executive assistants – have access to sensitive systems and data.

The data an office administrator working in Healthcare might handle includes:

  • Health records
  • Clinical trials
  • Insurance information
  • Credit card details
  • PII of patients
  • PII of employees
  • Payroll information

And, because a lot of Healthcare professionals work in the public sector, they may have limited budgets for email security solutions that detect and prevent advanced inbound threats that use domain spoofing to trick targets. 

An accounts payable manager at a Manufacturing company

Last year, the Manufacturing industry saw the most breaches from social attacks like spear phishing. They’re also among the most at risk companies with 1,000+ employees. 


Organizations operating in this industry tend to be a part of long supply chains. That means there will be a lot of invoices being paid in and out

Employees who deal with invoices are even more likely to be targeted now than they were a few months ago. Incidents involving payment and invoice fraud have increased by 112% since Q1 and Q2 2020. Attacks on finance employees have increased by 87% during the same period.

It’s also important to note that, unlike other industries like Healthcare, Financial Services, and Legal, the Manufacturing industry isn’t obligated to comply with strict compliance standards. That means many don’t have safeguards in place to protect against threats like spear phishing and business email compromise. 

A senior partner at a law firm 

While we’ve outlined why mid-level employees are vulnerable to attacks, it’s important to note that high-ranking employees are high-risk, too. 

Not only do they have access to sensitive information like client data and Intellectual Property, but, according to new research into the Psychology of Human Error, employees like Senior Partners may be among the most likely to click on a phishing email. 

That’s because survey respondents cite distraction as the number one reason they’ve clicked on phishing emails. They also say they’re more likely to make mistakes when they’re stressed or tired. Senior partners tend to work across several projects, are generally time-poor, and are under tremendous pressure to perform. 

But, senior partners are even more vulnerable than other C-level executives because, well, the larger Legal sector is vulnerable. In fact, it’s in the top three most targeted industries, with 80% of firms saying they’ve been targeted by a phishing attack.  

How can employees detect spear phishing attacks?

While we go into more detail about defense strategies for spear phishing in this article, here are a few top tips to help you spot social engineering attacks like BEC, CEO Fraud, and more.

  1. Review the email address of senders and look out for impersonations of trusted brands and people (like your CEO or Finance Director) including display name impersonation and domain impersonation.
  2. Always inspect URLs in emails for legitimacy by hovering over links before clicking on them
  3. Pay attention to differences – that may be very subtle – in website content if you follow a URL after inspecting it
  4. Never divulge personal information if you don’t trust or recognize the sender or if you have any doubts about the legitimacy of the email. If you’ve been prompted to, investigate and contact the brand or person directly, rather than hitting reply

But, it’s important organizations don’t leave their people as the last line of defense. Technology is critical, especially as threats become more and more sophisticated and harder to detect. 

But, spam filters, antivirus software, and other legacy security solutions just aren’t enough.

How does Tessian prevent spear phishing attacks?

Tessian’s machine learning algorithms are trained on historical email data. This enables Tessian Defender to understand a company’s complex network of relationships and the context behind each email. From there, it can flag emails that look suspicious.  

In layman’s terms: Tessian Defender detects and prevents what other solutions can’t, including CEO Fraud, Whaling, Business Email Compromise, and more. 

To learn more, book a demo or download the data sheet.

Maddie Rosenthal