Always follow your organisation's official security guidelines when reporting suspicious emails.
What is Spear Phishing?
Spear phishing is a type of Phishing that targets a single organisation or a single person within an organisation, using open source intelligence (OSINT) information to become more convincing and less detectable.
Elements of Spear Phishing
The following elements are often found in spear phishing attacks:
- A sense of familiarity (using organisation news, logo or other familiar element)
- A required action (e.g. clicking on a link, download attachment, sending information)
- Appealing to curiosity, or threatening
- Sent from a high ranking official in the organisation
- Sent to a high ranking official in the organisation
If you receive and email like this, especially from someone from your organisation, please stop for a moment before clicking links or opening attachments. Verify the sender has actually sent you a valid email by contacting them outside of email or instant messaging.
If an email account has been compromised, verifying the sender's identity by sending an email or an instant message (skype, slack) is not a safe option. Always seek for a face to face or over the phone confirmation.
Always follow your organisation's official security guidelines when reporting suspicious emails.