What is spear phishing?

Issue:

What is spear phishing? How does it differ from other forms of phishing?

What should I do if I get a spear phishing email? How do I report spear phishing to IT?

 

Audience:

CofC faculty and staff

 

Environment:

Email

 

Cause: 

Phishers target specific individuals or groups

 

Resolution:

What is spear phishing?

Spear phishing is a phishing method that targets specific individuals or groups within an organization. Some examples of spear phishing at the College of Charleston are emails that attempt to impersonate your supervisor, a dean, a Chair, a VP, or even a group such as Helpdesk or Service Desk. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss. While phishing tactics may rely on shotgun methods that deliver mass emails to random individuals, spear phishing focuses on specific targets and involve prior research.

The email includes information specific to the target, including the target's name and rank within the company. This social engineering tactic boosts the chances that the victim will carry out all the actions necessary for infection, including opening the email and the included attachment.

Source

 

What should I do if I get a spear phishing email?

  1. Do not respond to the email, click on links in the email, or open any attachments.
  2. Report the attack to Microsoft, just as you would any other phishing attempt
  3. Also report it to your IT Department by submitting a Phishing Attempt form. IT will work to purge messages and begin account remediation steps if it is necessary.
  4. Once that is done, delete the email.
  5. If you mistakenly clicked on any links or opened attachments, you should also:
    • Scan for Malware
      • College-owned computers: Submit a Virus Analysis request for your computer to be scanned for malware. Virus Analysis can only be done on college-owned computers.
      • Personal computers: If this happened from your personal device, use your anti-virus software to run a scan. If you do not have anti-virus software, you can do a free 14-day trial for Malwarebytes. The download is available from their website, https://www.malwarebytes.com/for-home. (Please do not install Malwarebytes on any college-owned device. This would be a violation of licensing.)
    • Reset your password using Self Service Password Reset.

 

Do you still need help?  Create a support ticket and a Service Desk technician will contact you. 

 

 

Details

Article ID: 141342
Created
Fri 2/11/22 11:45 AM
Modified
Fri 2/11/22 11:51 AM

Related Articles (3)

This article provides further information on how to report phishing to Microsoft.
How do I know if this email is phishing or if it is spam?
How to recognize signs of an email phishing attempt.