Is spear phishing the same as whaling?

Whaling is spear phishing aimed at senior executives. The mechanics are similar; the targets and stakes are higher.

Why do attackers use spear phishing?

It’s more work per target, but the success rate and payoff are higher—especially for admin or finance access.

What should employees do when they get a “shared file” message?

Avoid logging in via the link. Use official bookmarks or the app directly, and verify the share through a second channel if it’s unexpected.

Can isolation replace email security?

No. It complements it. Email security reduces exposure; isolation reduces the impact when something still gets through.

Category: Phishing & Social Engineering

Spear phishing in the browser

Spear phishing is targeted phishing that uses personal or company context to make the message and link feel legitimate.

Quick answer

Targeted lures increase click-through and credential submission rates, especially for executives, finance, and IT admins.

For risky links and login flows, isolation keeps the page off the endpoint by running it in a disposable container and streaming only the rendered output to the user.

When you need this

You’ve seen indicators of this threat in your environment.
Users frequently click unknown links as part of daily work.
You need a control that reduces risk without relying on perfect user judgment.

Last updated

2026-01-29

How it usually happens in the browser

The attacker tailors a message (invoice, DocuSign, HR update, shared file) using names, roles, and real vendors.
Links route through URL shorteners, compromised sites, or ad networks to hide the final destination.
Victims land on a lookalike login page or consent prompt and provide credentials or approve access.
Stolen sessions are used quickly to bypass alerts and expand access across SaaS apps.

What traditional defenses miss

Traditional phishing filters focus on generic spam patterns and may miss highly specific, low-volume emails.
Users trust content that references real internal projects, vendors, or current events.
One compromised mailbox can be used to spear-phish internally with “trusted” sender reputation.

How isolation changes the game

Isolation turns “clicking the link” into a safer default by keeping untrusted web content away from the endpoint.
Disposable sessions reduce persistent compromise from follow-on downloads and embedded malware delivery.
Policy-based isolation helps protect high-risk roles without relying on perfect judgment every time.

See Legba for Chrome

Operational checklist

Segment high-risk roles (execs, finance, IT) and enforce stricter browsing policies for them.
Isolate external webmail, file-sharing links, and newly registered domains by default.
Require step-up authentication for financial actions and admin console access.
Harden mailbox rules to prevent auto-forwarding and malicious OAuth app grants.
Run table-top exercises: measure time-to-detect and time-to-contain after a realistic spear-phish click.

FAQs.

References.

01
CISA: Avoiding Social Engineering and Phishing AttacksCISA
02
Cloudflare: Browser IsolationCloudflare

Spear phishing in the browser

Quick answer

When you need this

Last updated

How it usually happens in the browser

What traditional defenses miss

How isolation changes the game

Operational checklist

FAQs.

References.

Keep exploring

All guides

All browser threats

Secure apps directory

AI security guides

Your agent needs its Legba.

How it usually happens in the browser

What traditional defenses miss

How isolation changes the game

Operational checklist

FAQs.

Is spear phishing the same as whaling?+

Why do attackers use spear phishing?+

What should employees do when they get a “shared file” message?+

Can isolation replace email security?+

References.

Keep exploring

All guides

All browser threats

Secure apps directory

AI security guides

Your agent needs its Legba.