Spear phishing effectiveness comes from personalization — using researched details (recipient's name, manager's name, recent project, specific technology) to make emails convincing and contextually relevant.
Generic phishing has ~3% click rate. Personalized spear phishing can reach 30-40%. AI-generated spear phishing is dramatically more scalable now. Defense: security awareness with targeted phishing simulations, email authentication (DMARC).