Always follow your organization's official security guidelines when reporting suspicious emails.
What is Spear Phishing?
Spear phishing is a type of phishing that targets a single organization or a single person within an organization, using open source intelligence (OSINT) information to become more convincing and less detectable.
Elements of Spear Phishing
The following elements are often found in spear phishing attacks:
- A sense of familiarity (using organization news, logo or other familiar element)
- A required action (e.g. clicking on a link, download attachment, sending information)
- Appealing to curiosity, or threatening
- Sent from a high ranking official in the organization
- Sent to a high ranking official in the organization
What should I do if I receive a spear phishing email?
If you receive and email like this, especially from someone from your organization, please stop for a moment before clicking links or opening attachments.
Verify the sender has actually sent you a valid email by contacting them outside of email or instant messaging.
If an email account has been compromised, verifying the sender's identity by sending an email or an instant message (Skype, Slack) is not a safe option.
Always try to get a face to face or over the phone confirmation.
Report the email with the Hoxhunt button, read more here: Reporting Suspicious Emails (Phishing or Spam)
Read more about the origins of phishing and spam as well as how to tell the difference between the two: Phishing v Spam - What is the difference?
Always follow your organization's official security guidelines when reporting suspicious emails.