Protect Yourself from Spear Phishing
Not to be confused with an aquatic hunt on a tropical vacation, spear phishing is a targeted cyberattack on a specific individual or organization with the end goal of obtaining confidential information for fraudulent purposes.
Spear phishing is an ultra-targeted phishing method whereby cybercriminals — or spear phishers — pose as a trusted source to convince victims to divulge confidential data, personal information, or other sensitive details. The cybercriminal will then use this information for malicious purposes, including identity theft or data breaches.
Spear phishers often prey on their victims via targeted emails, social media, direct messaging apps, and other online platforms. And the strength of these cyberattacks is that they’re tailor-made for victims and grounded in quality over quantity.
Spear phishing vs. phishing
Spear phishing is different from phishing in that it’s a cyberattack toward a specific individual or organization, whereas phishing is a more generic, automated cyberattack that’s attempted in one sweep of a large group. You might think of phishing as casting a wide net over a school of fish, whereas spear phishing is using a spear to catch one single fish.
Phishing emails might be sent to hundreds of recipients simultaneously with little customization. Spear phishers, however, will pose as a friend, boss, family member, or enterprise to gain your trust and fool you into giving them your information. These emails are well-researched and personal, making it harder to distinguish between what is real and what is fake.
The intent of phishing and spear phishing is the same — acquiring confidential data or sensitive information for malicious purposes. Still, victims can be more susceptible to a customized approach, which in this instance is spear phishing.
Three examples of spear phishing
- Executive leader fraud
- Malicious attachments
- Ransomware
What you can do about it
If you should encounter any emails that appear to be a spear phishing attempt, use the Phish Alert Report in Microsoft Outlook!
After you click the Phish Alert Report, a response should be sent to the reporting employee within 24-72 hours.
NOTE: If you are not receiving one of the following email responses, try checking your “Junk” folder.
- If your email is considered SPAM, the original message will be returned to you in the form of an attachment. (See above)
- If you are notified that the email is considered phishing, the original email will NOT be attached.
- If your email is NOT phishing or SPAM, you will receive a notification and the original email will be attached to the response.