
Spear Phishing

Dec 16, 2025 | Updated Dec 16, 2025
Spear phishing is a targeted cyberattack where scammers use personalized information to trick a specific individual or organization.

What Is Spear Phishing?

While standard phishing attacks cast a wide net (like sending generic emails to thousands of people hoping someone bites), spear phishing is a more sophisticated version that targets a specific individual or organization.

In a spear phishing attack, the scammer researches their target beforehand. They might use details from social media, public blockchain activity, or previous data breaches to craft a message that feels highly personal. As these messages often address the victim by name, reference personal information like an employer or job title, or mention a recent transaction they actually made, they can be much more convincing and thus harder to detect than generic spam.

How Does Spear Phishing Work?

A typical spear phishing attack follows these steps:

  1. The attacker gathers data on the target. For a digital asset owner, this might mean identifying their wallet address on a public explorer or otherwise finding their personal information online.
  2. The attacker sends a personalized message. For example, they might pose as a customer support agent from a specific exchange the victim uses, claiming there is an issue with a recent transaction.
  3. The message includes a link to a malicious website that looks identical to the legitimate service.
  4. Once on the fake site, the victim is tricked into an action, such as entering their login credentials or signing a malicious transaction that drains their wallet.

Examples of Spear Phishing in Crypto

Customer Support Impersonation

Scammers frequently pose as support staff from a wallet or exchange you use, contacting you about “suspicious activity” on your account and referencing your actual transaction history to appear legitimate.

Airdrop Scams

A user receives a token in their wallet that appears to be from a project they support. When they visit the “claim” website to cash it out, they are prompted to sign a transaction that gives the attacker control over their assets.

Whaling

This is a specific type of spear phishing that targets high-profile individuals (whales) or executives to steal significant funds or sensitive information.

Staying Safe from Spear Phishing Attempts

  • Verify the Source: Always double-check the sender’s email address and the URL of any link. Be skeptical of unsolicited messages, even if they know your name.
  • Don’t Click Random Links: Instead of clicking a link in an email or DM, navigate to the service’s official website manually through your bookmarks.
  • Use a Signer: Keeping your keys offline ensures that even if your computer is compromised by malware from a phishing attachment, your funds remain safe as long as you don’t physically approve a transaction on the device.

Ledger signers provide a critical layer of defense against spear phishing. Because your private keys never leave the signer’s Secure Element chip, they cannot be stolen by malware or fake websites.

Beyond offline storage, Ledger also offers two powerful features to protect you: Clear Signing ensures you understand exactly what you are signing by translating complex data into human-readable text, while Transaction Check proactively simulates operations to detect potential scams before they happen.

Above all else, it’s crucial to stay vigilant and practice good security hygiene to ensure your assets stay secure. Remember: nothing can protect you from user error except yourself. 
