--- title: "13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization | Phish Protection" description: "Spear Phishing is a type of phishing attack which generally targets “Whales” or “high-level organizational actors” such as C-suite executives (e.g." image: "https://phishprotection.com/og/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization.png" canonical: "https://phishprotection.com/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/" --- Quick Answer Spear Phishing is a type of phishing attack which generally targets “Whales” or “high-level organizational actors” such as C-suite executives (e.g., CEO, CFO, CIO, etc.) or upper management to \_steal financial and sensitive or confidential information from unsuspecting top-level management\_. Spear phishing data breaches account for more than half of the phishing scams worldwide, which occur every year. Verizon reports elucidate that a high proportion of these data breaches begin with a directed phishing campaign targeted against an enterprise. Although Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2F13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=13%20Spear%20Phishing%20Attacks%20Examples%20To%20Justify%20Investment%20For%20Phishing%20Prevention%20Solutions%20In%20Your%20Organization&url=https%3A%2F%2Fphishprotection.com%2Fblog%2F13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2F13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2F13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization%2F&title=13%20Spear%20Phishing%20Attacks%20Examples%20To%20Justify%20Investment%20For%20Phishing%20Prevention%20Solutions%20In%20Your%20Organization "Share on Reddit") [ ](mailto:?subject=13%20Spear%20Phishing%20Attacks%20Examples%20To%20Justify%20Investment%20For%20Phishing%20Prevention%20Solutions%20In%20Your%20Organization&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2F13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/08/anti-phishing-software-6479.jpg) Spear Phishing is a type of phishing attack which generally targets “Whales” or “high-level organizational actors” such as C-suite executives (e.g., CEO, CFO, CIO, etc.) or upper management to _steal financial and sensitive or confidential information from unsuspecting top-level management_. Spear phishing data breaches account for more than half of the phishing scams worldwide, which occur every year. Verizon reports elucidate that a high proportion of these data breaches begin with a directed phishing campaign targeted against an enterprise. Although corporations deploy sophisticated [phishing prevention software](/) to safeguard their data, they remain **vulnerable because of human error**, which allows adversaries to bypass such security measures, including [anti-phishing solutions](/). Even today, most security professionals blame human failure as the main weak link in organizational security. “Human” here refers to users of technology with the exception of adversaries. Although major enterprises invest a considerable amount of capital on cybersecurity measures, news headlines regularly report new **spear-phishing scams**. There is no doubt that ignorance of employees and executives is a significant reason such attacks are successful. Such a situation is dangerous and untenable in this digital age, where cyber espionage is a matter of ‘when’ rather than that of ‘if.’ We can understand the severity of the situation from the fact that scammers create approximately **1.5 million new phishing sites** every day. Knowing about the circumstances of the case can help organizations prepare themselves and face such threats successfully. ![Anti phishing software](https://media.mailhop.org/phishprotection/images/2019/08/anti-phishing-software-6479.jpg) ### Spear Phishing Statistics: An Unwelcome Trend Statistics and data reports are one of the best ways of learning about the harsh reality of cyber warfare. The Russian interfering in the 2016 US Presidential election is famous, and it is also an example of how a **state-sponsored social media campaign** can aggravate social and political disruptions in another country Given below are **13 spear-phishing statistics** to make your case for email fraud protection: - According to a[ report](https://www.thesslstore.com/blog/80-eye-opening-cyber-security-statistics-for-2019/) by Cofense, formerly known as PhishMe, around 91 percent of all cyberattacks begin with a spear-phishing email. Phishing has continued to be the most common form of attacks against businesses around the globe. - According to the “State of the Phish Report, 2019”, which Proofpoint compiled from detailed phishing statistics based on multiple sources, including about 15,000 responses to the quarterly surveys on infosec professionals around the globe, 83 percent of the global infosec respondents experienced phishing attacks in 2018\. The numbers showed an increase of seven percent from that in 2017\. Reports of credential compromise due to these attacks also rose by 70 percent from 2017. - It seems that hackers are taking active measures to thwart our attempts at countering their attacks with [spear phishing prevention](/) softwares. As per the latest “Phishing Activity Trends Report” released on January 2019, nearly half of all phishing websites are now being created using HTTPS encryption. This number is about a 900 percent increase since the end of 2016 and increases threat levels significantly. The report also says that _phishing sites have taken to using more web page redirects to evade detection attempts_. - According to Norton Security, the USA experiences the highest volume of cybersecurity attacks in the world. Nearly 60 percent of American families have witnessed exposure to cyber fraud schemes according to[ research](https://www.aicpa.org/press/pressreleases/2018/nearly-half-of-americans-say-id-theft-likely-to-cause-them-finan.html) done by The Harris Poll and the American Institute of CPAs (AICPA). Wombat Security’s[ State of the Phish 2018](https://info.wombatsecurity.com/hubfs/2018%20State%20of%20the%20Phish/Wombat-StateofPhish2018.pdf?submissionGuid=2ecea77c-aa0d-404a-b0f4-030732e60a3a) also reported that 76 percent of organizations and businesses were targets of phishing attacks. - The number of brands targeted is also on the rise, with the figure for September 2018 at 286, the highest in a month since November 2017\. The Online Payments Sector was targeted the most by phishing attacks in Q3 2018, followed by SAAS/ webmail and financial institutions. The latest Phishing Activity Trends Report revealed this finding. - As per Phish Labs’s 2018 “Phishing Trends and Intelligence[ Report](https://info.phishlabs.com/hubfs/2018%20PTI%20Report/PhishLabs%20Trend%20Report%5F2018-digital.pdf),” phishing attacks by _hackers mimicking SaaS (Software-as-a-Service) platforms increased by a whopping 237 percent in 2017_. - Verizon said that phishing and pretexting accounts for a high number of social incidents and breaches. Verizon’s 2018 Data Breach Incident[ Report](https://enterprise.verizon.com/resources/reports/DBIR%5F2018%5FReport.pdf) puts the numbers at 98 percent of social incidents and 93 percent of breaches as being represented by phishing and pretexting. - The Microsoft Security Team released a[ report](https://www.digitaltrends.com/computing/microsoft-security-massive-increase-phishing-scams/), after extensive scanning of over 470 billion business email messages that have been received by the customers of its Office 365 platform, which states that malicious phishing attacks have increased by over an alarming 250 percent. The report also uncovered more bad news; it says that\_ hackers are growing in proficiency, which makes their attacks harder to detect and counteract\_. - Thirty-four percent of all cyber-attacks on organizations involved insiders, according to Verizon Data Breach Investigations Report 2019\. The[ report](https://enterprise.verizon.com/resources/reports/DBIR%5F2018%5FReport.pdf), which is compiled from a comprehensive summary of statements by public and private entities around the globe of data breaches, also states that 43 percent of these cyber-attacks target SMBs. This high number of attacks on small businesses proves the fact that anyone can be a target no matter what their size is. - The Verizon report also uncovers that C-Level executives in an organization are targeted 12 times more by social engineering attacks than other employees. This particular report confirms that attackers are doing their surveillance and profiling with high proficiency. - The astronomical amount of money lost to cybercriminals is going to increase. According to Juniper[ Research](https://www.juniperresearch.com/researchstore/innovation-disruption/cybercrime-security/subscription/threat-analysis-impact-assessment-leading-vendors) 2016, _the cost of cybercrime and data breaches will rise to $2.1 trillion by 2019_. - IBM estimates that a data breach by hackers has an average financial cost of $3.86 million. Business Email Compromise (BEC) scams[ account](https://retruster.com/blog/2019-phishing-and-email-fraud-statistics.html) for over $12 million in losses, according to a survey conducted by the FBI. - Last year’s[ report](https://zvelo.com/news/phishing-2019-most-significant-security-challenge/) from Lookout states that about 56% of mobile device users have received and clicked on a phishing URL. ![Spear Phishing Latest Statistics](https://media.mailhop.org/phishprotection/images/2019/08/Spear-Phishing-Latest-Statistics.jpg) ### Conclusion > “Microsoft’s built-in phishing protection in Office 365 catches the obvious attacks, but it consistently misses targeted spear phishing and zero-day threats. We see this every day - customers come to us after an incident that Microsoft Defender didn’t catch. Adding a dedicated anti-phishing layer takes five minutes and closes that gap.” - **Adam Lundrigan**, CTO, DuoCircle It might seem obvious, but these reports show that there is a significant knowledge deficiency with regards to awareness and proper education of employees and executive users when it comes to phishing. Phishing attacks, primarily targeted phishing attacks like **whaling and spear phishing**, continue to be successful because they are very effective. They also remain lucrative at the same time as a successful spear-phishing attack could net the attacker up to $1.6 million (Keepnet Study 2017). What’s more, it is not just individuals but even **government-funded hackers** who are directly or indirectly involved in spear-phishing attacks such as the hacking of Ukraine’s power grid. ## Topics [ Phishing ](/tags/phishing/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)[ Foundational 4m 300K vehicles and trip details exposed as NexOpt experienced a massive data breach! Apr 11, 2025 ](/blog/300k-vehicles-trip-details-exposed-as-nexopt-experienced-massive-data-breach/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization","description":"Spear Phishing is a type of phishing attack which generally targets “Whales” or “high-level organizational actors” such as C-suite executives (e.g.","url":"https://phishprotection.com/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/","datePublished":"2019-08-01T10:52:33.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-08-01T10:52:33.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/"},"articleSection":"foundational","keywords":"Phishing","wordCount":1089,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/08/anti-phishing-software-6479.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization","item":"https://phishprotection.com/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/"}]} ```