Spearphishing: The Modern Attack on the Modern Business


    What is Spearphishing?

    Here’s how one convincing email can compromise an entire organization, and what safeguards you can have in place to prevent it.

    A Familiar Story With a Modern Twist

    You may remember a close-to-home incident from 2016 where a Milwaukee Bucks employee fell victim to a spearphishing scam that exposed sensitive financial information. It made national news, but the reality is that this type of attack continues to happen every day to organizations of every size.

    In the past, a similar situation almost happened to Applied Tech’s own founder, Kurt Sippel.

    A seemingly routine internal email asked the company controller to pay an invoice. The message looked legitimate in every way:

    • It addressed her by name

    • It matched Kurt’s writing style

    • It used his real signature, company logo, and confidentiality statement

    But something felt off. The controller noticed the sender’s full name appeared differently than usual. She used the internal verification process she had been trained on and quickly uncovered the fraud before money was sent.

    “If it can happen to us, it can happen to anyone,” Kurt said.
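    The cue the controller caught, a sender name that did not match the usual one, can also be checked automatically. The sketch below is an added example, not Applied Tech's tooling: the directory, names, addresses and sample messages are constructed, and the Reply-To check goes beyond what the article describes.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: address -> display name staff normally see (assumed).
DIRECTORY = {
    "pat.rivera@example.com": "Pat Rivera",
    "lee.wong@example.com": "Lee Wong",
}

def name_key(display):
    """Fold case, accents and word order so 'RIVERA, Pat' equals 'Pat Rivera'."""
    text = unicodedata.normalize("NFKD", display).casefold()
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return frozenset(re.findall(r"[a-z0-9]+", text))

KNOWN_NAMES = {name_key(name): addr for addr, name in DIRECTORY.items()}

def sender_findings(raw_message):
    """Return reasons to verify the request out of band (empty list = none)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    if addr in DIRECTORY:
        # Known address, but the name is not the one colleagues usually see.
        if display != DIRECTORY[addr]:
            findings.append("display name differs from the usual one")
    elif name_key(display) in KNOWN_NAMES:
        # A colleague's name attached to an address that is not theirs.
        findings.append("internal name on an unknown address")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rpartition("@")[2] != addr.rpartition("@")[2]:
        findings.append("replies go to a different domain")
    return findings

# Constructed sample messages.
SAMPLES = {
    "normal": "From: Pat Rivera <pat.rivera@example.com>\nSubject: Lunch\n\nhi",
    "odd_name": "From: Patrick Rivera <pat.rivera@example.com>\n"
                "Reply-To: pat.rivera@example.net\nSubject: Invoice\n\npay",
    "outside": "From: Pat Rivera <pat.rivera.office@example.org>\n"
               "Subject: Invoice\n\npay",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sender_findings(raw))
```

    A finding is a prompt to use the internal verification process, not proof of fraud; a legitimate sender can change how their name is displayed.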

    What Makes Spearphishing Different

    Most people are familiar with phishing, which involves suspicious messages from unknown senders pretending to be banks, retailers, or popular websites.

    Spearphishing is different.
    It impersonates someone inside your organization, often a CEO, CFO, director, or another person with enough authority that employees do not question unusual requests.

    “These campaigns are amazing,” Kurt said. “The emails are customized to each target using their job title, company information, phone number, and details from public sources like LinkedIn and company websites.”

    This level of personalization makes the messages feel trustworthy and legitimate, even to experienced employees.

    Why Spearphishing Is Getting Worse

    At Applied Tech, we’ve seen a sharp rise in businesses seeking better security tools and training. There are three main reasons behind the increase.

    1. Human Error Happens

    Employees lose devices, click the wrong link, or trust requests that appear legitimate. Even well-trained staff can make mistakes, especially when workloads are heavy or deadlines are tight.

    2. Mobile and Remote Work Expand the Attack Surface

    People work from everywhere now, often on multiple devices. Once employees leave the corporate network, security protections weaken unless mobile policies are enforced.

    3. Cybercrime Is Easier and Cheaper Than Ever

    Recent threat intelligence reports show just how accessible hacking has become:

    • Personal email accounts can be compromised for around $100 to $150

    • Corporate inboxes sell for $500 or more

    • Phishing kits and tutorials cost $20 to $40

    • Remote access trojans can cost as little as $5

    Cybercrime has turned into a low-barrier industry with high financial reward. Some attackers even offer free trial attacks to demonstrate effectiveness.

    Ransomware: A Growing and Highly Disruptive Threat

    While phishing remains the most common attack method, ransomware is one of the most damaging outcomes.

    In a ransomware attack, criminals encrypt your files and demand payment to unlock them. The ransom may be a few thousand dollars, but the downtime can cost far more.

    Applied Tech has helped multiple clients recover from ransomware incidents. Because they had reliable backups, they did not have to pay the ransom. Many organizations are not as fortunate.

    Healthcare, manufacturing, and small businesses remain top targets. Attackers know these organizations cannot afford extended downtime.

    A widely known example involved Hollywood Presbyterian Medical Center. Following a ransomware outbreak, the hospital operated offline for 10 days and ultimately paid $17,000 in Bitcoin to regain access to its systems.

    The problem continues to grow. Global damages from ransomware now reach into the billions, and attackers increasingly use artificial intelligence to craft convincing emails and automate attacks.

    How Organizations Can Protect Themselves

    There is no single solution that prevents every attack, but companies can significantly reduce risk with the right foundation.

    Good User Habits

    Employees should verify unusual requests, use caution with links or attachments, and slow down when something feels off.

    Reliable Backups

    Well-managed backups can mean the difference between a minor disruption and a total shutdown.

    Regular Patching and Updates

    Unpatched systems are one of the most common entry points for attackers.

    Mobile Device and Remote Security

    Security must follow employees wherever they work, not only inside the office.

    Modern Email and Endpoint Protection

    Tools that detect suspicious behavior, not just suspicious content, provide stronger protection against customized attacks.

    Improve Your Organization’s Security Measures

    With cybersecurity-smart employees and robust technology, your organization will operate more securely and efficiently than ever before. Applied Tech can help you level up your cybersecurity infrastructure.


    About Applied Tech

    Applied Tech is a leading IT and cybersecurity services provider dedicated to helping businesses protect their digital assets. Our proactive and strategic services include cloud management, security, productivity, and IT growth strategy. With a team of experienced professionals, we provide unique solutions tailored to your IT needs.

    Protect your business with Applied Tech’s fully managed IT services, co-managed support, and security assistance. With IT services focused on your business goals, keep your team productive and your data secure.
