Spear phishing is a targeted phishing attack customized for a specific individual. Unlike mass phishing emails (“Dear Customer”), spear phishing uses personal information to make the attack highly convincing.
How Spear Phishing Works
Research Phase
The attacker gathers information about you from:
- Social media — LinkedIn, Twitter, Instagram, Facebook
- Public forums — BitcoinTalk, Reddit, Discord posts
- On-chain activity — Your wallet addresses and transaction history
- Data breaches — Your email, password, and personal info from past breaches
- Your projects — If you’re in a crypto DAO, the attacker studies it
Attack Phase
The attacker uses the gathered info to craft a personalized message:
- “Hi [your real name], I’m from [your exchange]. We noticed unusual activity on your account” — Knows which exchange you use
- “I saw your post on BitcoinTalk about [your specific wallet issue]. I can help fix it” — References your actual post
- “This is [colleague’s name] from [your DAO]. We need you to sign this proposal” — Impersonates someone you work with
Why Spear Phishing Is So Effective
- Uses your real information — The message includes details only a trusted source would know
- Targets your specific vulnerabilities — If you posted about a wallet issue, the scammer offers to help
- Highly personalized — Harder to dismiss as “just another scam email”
- Bypasses spam filters — A one-off, hand-written message doesn’t match the mass-mailing templates and patterns that spam filters are trained to catch
Common Spear Phishing Templates
The “Exchange Support” Attack
“I’m [Name] from [exchange you use]. We’ve detected a login attempt from [location]. To secure your account, please verify your withdrawal address.”
Goal: Trick you into revealing your password and 2FA code.
The “Wallet Recovery” Attack
“I saw your post about losing access to your wallet. I’m a developer who built a recovery tool. It’s free but needs a small test transaction to verify.”
Goal: Steal your seed phrase or drain your wallet.
The “Investment Opportunity”
“You were recommended as a trusted community member. We’re doing a private presale of [coin name]. Your allocation is [amount] at [discount].”
Goal: Get you to connect your wallet to a drainer.
The “Job Offer”
“We found your profile on LinkedIn and think you’d be perfect for our crypto team. Can you complete this test by installing our trading platform?”
Goal: Install malware on your device.
How to Defend Against Spear Phishing
Reduce Your Digital Footprint
- Use a different username for each platform (so posts can’t be connected)
- Don’t post about specific wallet issues or exchange problems publicly
- Use privacy settings on social media
- Consider using a wallet address that can’t be traced to your identity
Verify Through a Second Channel
If you receive a suspicious message:
- Do not reply to the message
- Contact the person/company through their official channel (not the one in the message)
- Ask “Did you send me a message about this?”
Use a Crypto-Specific Email
Create a separate email address for all crypto accounts. Don’t use this email for social media or personal accounts.
Enable Two-Factor Everywhere
2FA with an authenticator app prevents account takeover even if your password is compromised. It only protects you if the code stays with you, though: the “Exchange Support” template above exists precisely to talk you into typing your password and 2FA code into the attacker’s page, so never enter a code anywhere you reached from a link in a message.
What to Do If You’re Targeted
- Report the message — To the platform and any relevant community
- Don’t engage — Even replying confirms your account is active
- Check your security — Change passwords, review 2FA settings
- Monitor your accounts — Watch for unusual activity
Verdict
Spear phishing is the most dangerous type of crypto scam because it’s personalized and convincing. The best defense is to reduce your digital footprint, be suspicious of any message referencing personal information, and always verify through a second channel.