FraudScope // Threat Library // Spear phishing

Phishing // Targeted

Spear phishing

Spear phishing is phishing aimed at a specific person, using real details like your name, employer, or a recent purchase to seem legitimate. That personalization is exactly what makes it dangerous. Here is how targeted attacks work.

Explore FraudScope Download on App Store

On-device iPhone · iOS 18+ Available now

What it is

Phishing that did its homework

Where ordinary phishing is mass-mailed, spear phishing is tailored to you. The attacker researches your name, role, employer, contacts, or recent activity, then crafts a message that fits your life convincingly.

In a workplace, this becomes business email compromise: a message that appears to come from your boss or a vendor, asking for an urgent payment or a change to banking details. The realism is the whole attack.

The playbook

How the attack works

Research the target

They gather your name, role, colleagues, and routines from public sources and breaches.

Impersonate someone you trust

A boss, vendor, or colleague, often with a near-identical email address.

Make a plausible request

An urgent invoice, a wire transfer, a gift-card errand, or a document to open.

Exploit the relationship

You comply because it looks like it came from someone real, with real context.

In their words

What it looks like

// THE MESSAGE

Hi, I’m in back-to-back meetings and need you to handle something quickly. Can you purchase four $200 gift cards for a client and send me the codes? I’ll reimburse you today. Keep this between us for now.

FraudScope reads it as

Spear phishing / business email compromise. FraudScope flags the impersonated authority, the secrecy, and the gift-card errand. Its guidance: verify with the supposed sender through a known channel before acting, even if the details look right.

Red flags

Warning signs to watch for

A message from a "known" person whose email address is subtly wrong.
An urgent, unusual request to pay, wire funds, or buy gift cards.
A request to change a vendor’s or employee’s banking details.
Pressure to keep the request quiet or act outside normal process.
Accurate personal or company details used to build false trust.

How FraudScope helps

Realistic does not mean real

Paste the message and FraudScope identifies the spear-phishing pattern, including impersonated authority and out-of-process urgency, and reminds you to verify through a known channel. Accurate details are a tactic, not proof.

Analysis runs entirely on your iPhone and makes no network requests. The only time FraudScope touches the internet is if you tap Inspect URL to check where a link really goes, and it tells you before it does.

Intent reconstructionBEC awarenessOn-device

Questions

Frequently asked

How is spear phishing different from regular phishing?

Regular phishing is sent in bulk to many people. Spear phishing is customized for one target, using real details to appear credible. That personalization makes it harder to spot and more likely to succeed.

A message from my boss looks completely real. How do I verify it?

Confirm through a separate, known channel, such as calling them directly or messaging on a platform you already use, before acting on an unusual or urgent financial request. Never rely on the email thread itself to verify the email.

Does FraudScope send my messages anywhere?

No. Analysis runs entirely on your iPhone with no network connection. The only time it contacts the internet is if you choose to inspect a link’s destination, and it tells you before it does.

Will FraudScope catch every scam?

No tool can. FraudScope is strongest with the full content of a message and weaker with a bare screenshot that has no link or sender. It is a powerful second opinion, not a guarantee. When in doubt, slow down and check with someone you trust.

Read the scam before it reads you

FraudScope explains what a suspicious message is really trying to do, entirely on your iPhone. Now available on the App Store.