Spear Phishing

Spear Phishing 2[credit]

Event: Run
Influence: 3

Make a run. When you encounter the innermost piece of ice protecting that server, bypass it.

Targeted attacks make system breaches so much easier, especially if you can spoof an authorized user.
Illustrated by Andreas Zafiratos
Decklists with this card

System Core 2019 (sc19)

#29 • English
Startup Card Pool
Standard Card Pool
Standard Ban List (show history)
Rulings
  • Updated 2017-05-02

    UFAQ [Michael Boggs]

    If the Runner encounters the innermost piece of ice multiple times during a Spear Phishing run (e.g. through Cell Portal or The Twins), do they bypass it each time?

    Yes.

Reviews

I've been playing with Spear Phishing quite a bit recently, and this card deserves a review, so it may as well be me who writes it.

Sometimes, a new Netrunner card is released that is totally unprecedented, and everyone scratches their head trying to figure out whether it's any good or not. Spear Phishing is not one of those cards; it's a bypass event, that's something that we've all seen and played with even as far back as the original Core Set. So the main question for a review to cover is: how does this compare with other bypass events, and should I play it in my deck?

The obvious comparison here is to Inside Job, the classic Criminal bypass card. Spear Phishing is very similar: 2 to play, three influence, you run as part of the same click and bypass one piece of ICE. So that's the comparison I'll be making; if you want to know how Spear Phishing compares to some other source of bypass or pseudo-bypass, you might as well use Inside Job as a common point of reference.

In order to make a fair comparison, we need to think about why we'd use bypass events in our deck. There are three common scenarios:

  1. It's early game, and there's a piece of ICE that we simply can't break due to not having appropriate icebreakers yet. Perhaps the opponent is rushing out an agenda behind an ETR barrier, or perhaps we want to get into HQ to trigger a "successful run on HQ" trigger. The server in question is likely to be lightly iced because it's early game, so a bypass event will probably let us straight in.
  2. Similar to scenario 1, but it's later in the game. The Corp is starting to build up a scoring server, and we can get through some of the ICE but not all of it. If we can bypass the appropriate piece of ICE with an event, we can use icebreakers, secondary bypass or pseudo-bypass to get through the rest of it.
  3. It's late in the game; we have a full set of icebreakers, and we want to get into some sort of monstrous server with heavy ICE. We don't need bypasses to make a run possible, but bypassing a large piece of ICE will make the run considerably cheaper, so we can use the bypass event as though it were an economy event.

Looking at the first scenario, we discover that Inside Job and Spear Phishing are effectively identical. This is in my experience the most common scenario (bypass events are more effective in the early game, so if you're playing a lot of them you're probably planning to win or lose before the late game happens). There's one ICE on the server; if the Corp rezzes it, it will be both the first encountered and the innermost (thus triggering either of the two bypass events), and if the Corp doesn't rez it, the situation is likewise symmetrical.

Spear Phishing does have a very slight edge in this situation, but it rarely comes up. If the opponent is using The Twins, then Spear Phishing will negate its effect (thus they'll probably choose not to use it, and you can get forewarned about what's about to happen for future runs), whereas Inside Job will run right into it. However, ever since The Foundry: Refining the Process rotated, you're very unlikely to see The Twins in a serious or even casual game. More relevantly, Spear Phishing will negate the effect of Ganked! on a 1-deep server, whereas Inside Job will run right into it; Ganked! is played sometimes, normally in combination with very spiky ice, and so this is enough of an edge to be worth mentioning (albeit not enough of an edge to really inform your deck choices).

The other two scenarios are where it starts to fall apart, meaning that Spear Phishing is definitely the inferior card. When the server contains multiple ICE, then Spear Phishing and Inside Job have different methods of choosing which ICE to bypass. Inside Job's is usually better, for three reasons:

  • Inside Job bypasses the outermost piece of rezzed ICE (because you don't "encounter" unrezzed ICE). So if you run at a 2-deep unrezzed server, the Corp will have to rez both pieces of ICE to avoid giving you a free run. Using Spear Phishing in the same situation, the Corp will have to rez the outer ICE to avoid giving you a free run, but will have the option to leave the inner ICE unrezzed, giving them more flexibility in how to spend their credits.
  • If you're playing bypass events, you're probably also playing fixed-location bypass or pseudo-bypass such as Boomerang or possibly Femme Fatale (Boomerang in particular is a very good card that's almost universally played in Criminal, and becomes better still in combination with bypass events). These are more likely to be targeting inside pieces of ICE than outside pieces of ICE (because they can only target ICE that was present at the time they were played, and ICE is installed inside to outside), so Inside Job is more likely to produce a powerful bypass of two pieces of ICE, whereas Spear Phishing is more likely to provide a redundant double-bypass of a single piece of ICE.
  • Corps normally install gearcheck ICE first, then supplement it with larger or spikier ICE later, so the inside ICE is more likely to be cheap to break than the outside ICE is.

The first of those reasons is a pure win for Inside Job. The other two are just statistical, though; for any given run, usually Inside Job will work out better, but sometimes Spear Phishing will work out better because the Corp installed their ICE early enough that you could choose where to place your Boomerang, or installed gearcheck ICE on the outside of a server rather than on the inside (perhaps specifically to play around Inside Job!).

Thus, Inside Job is better on average, but that doesn't mean that Spear Phishing is unplayable in formats with Inside Job legal; because it is sometimes better, this gives an incentive to play a mix of bypass events. If you have three Inside Jobs in your grip, it's preferable to having three Spear Phishings, but better still would be to have a mix of the two, so that you could choose which to use as appropriate; the two cards are similar enough that you'll usually make at least one bypass per game for which they would be equivalent, so being able to use Spear Phishing when it's right is more valuable than having to use Inside Job even when it's wrong.

The only remaining question, therefore, is what sort of mix you should run. If running one bypass event, obviously you'd prefer Inside Job. If running two, two Inside Jobs seems best; nothing says you're going to draw both of them, and you want to make sure that if you draw a bypass event, it's the better one. When running three bypass events, I think running 3×Inside Job is still the better option, but 2×Inside Job and 1×Spear Phishing is definitely a reasonable option.

Spear Phishing therefore comes into its own when you run a deck that wants four or more bypass events (for a highly aggressive Criminal deck, four is entirely reasonable; I've run up to seven on occasion, although two of them were more specialised than the general-purpose events compared in this review). You can't (legally) run four Inside Jobs, so you would be looking for alternatives anyway this point, and Spear Phishing is probably the best of the alternatives (at least, if you consider only alternatives within the same faction; you could make a decent argument that Compile would be the best or second-best bypass event if it didn't cost Criminals three influence). However, it's sufficiently good that I think a three-Inside Job, one-Spear Phishing mix would be preferable to four Inside Jobs even if the latter build were legal; the benefits of "maybe it is the inside ICE I want to bypass this time" outweigh the disadvantages of "maybe I don't draw an Inside Job in a situation where Spear Phishing is insufficient".

(Uprising era)

Great analysis. Particularly the fact that you highlighted Spear Phishing's advantages - I feel like this card gets a lot of flak just for not being Inside Jobs #4-6.

One suggestion I have would be to provide a summary at the very end, especially when you have a wall of text.