What is Spear Phishing?

Spear Phishing is a type of phishing attack that is specifically targeted to an organisation.

It's usually a ploy to extract confidential data; financial details, logon information, intellectual property, etc.

It could be an attempt to steal usernames and passwords to systems or network, the email might appear to be from the organization's helpdesk team - once any details have been captured the organizations systems/network would be compromised.

If you aren't careful you may put your company at risk.

What you can do

• Be wary for any requests for confidential information (usernames, passwords) or requested to verify log in details. These attacks may well appear to be coming from a contact you know.
• Hover over any links in the email (in outlook) to see where the link is actually going to take you, just because a link looks like it's going to a trusted url you might find it really links elsewhere. e.g. the link might say www.hsbc.co.uk but when you hover over it it might say something like www.hsbc.untrustedDomain.co.uk. [Example]
• Warn you colleagues or staff that such attacks can occur and to be vigilant. Sending them a link to this website.

Spear Phishing in the news

See how "Spear Phishermen" are targeting ebay sellers in an attempt to defraud them - read more