May 07, 2014

"Spear phishing" is a scam that specifically targets your employees, sending personalised emails with fake information that appears legitimate to defraud your business.

Scammers go to greater lengths than in ordinary phishing emails, posing as employees, managers or organisations your business regularly interacts with. Their intention is the same as that of typical phishing attacks: to compromise your IT security and use your financial details for fraud.

Because these attacks are targeted, they can be convincing and hard to detect. An IT security expert visiting the US military training school West Point caught out over 500 students by sending an email containing a link that offered to verify their grades. Over 80% of them opened the link; in a real attack, doing so would likely have exposed their systems to malicious software.

What should you look out for?

  • Urgent emails about business matters you haven't heard of
  • Messages concerning business matters from unfamiliar email addresses
  • Links or attachments in the email asking you to do an action. This may include downloading and opening a file, submitting usernames and passwords, providing financial details, etc.
  • Details of previously unknown potential legal action against your business
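As an added example that is not part of the original article, the Python script below triages a message against the indicators listed above (unfamiliar or lookalike sender domain, urgency, a link asking for credentials or financial details, and mention of legal action). The sample message, the KNOWN_DOMAINS allowlist and the keyword patterns are constructed assumptions for illustration.

```python
import email
import re
from email import policy

# Constructed sample message showing the indicators from the list above.
SAMPLE_EMAIL = """\
From: Accounts Payable <accounts@examp1e-corp.com>
To: finance@example-corp.com
Subject: URGENT: overdue invoice - legal action pending
Content-Type: text/plain

Hi, please login at http://examp1e-corp.com/verify to confirm the account details
and avoid legal action. Regards.
"""

# Assumed allowlist: domains the business already corresponds with.
KNOWN_DOMAINS = {"example-corp.com"}
URGENCY = re.compile(r"\b(urgent|immediately|overdue|action required)\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(login|log in|password|verify|account details|bank)\b", re.I)
LEGAL = re.compile(r"\blegal action\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def sender_domain(msg):
    """Extract the domain part of the From header, lower-cased."""
    m = re.search(r"@([\w.-]+)", str(msg["From"] or ""))
    return m.group(1).lower() if m else ""

def close_lookalike(domain, known):
    """Return a known domain that differs from `domain` by exactly one character, else None."""
    for k in known:
        if len(k) == len(domain) and sum(a != b for a, b in zip(k, domain)) == 1:
            return k
    return None

def triage(raw):
    """Return a list of human-readable reasons the message looks like spear phishing."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = str(msg["Subject"] or "") + "\n" + body
    reasons = []
    dom = sender_domain(msg)
    if dom not in KNOWN_DOMAINS:
        look = close_lookalike(dom, KNOWN_DOMAINS)
        reasons.append(f"unfamiliar sender domain {dom}" + (f" (lookalike of {look})" if look else ""))
    if URGENCY.search(text):
        reasons.append("urgency language")
    if LEGAL.search(text):
        reasons.append("mentions legal action")
    if LINK.search(body) and CREDENTIAL_ASK.search(body):
        reasons.append("link asking for credentials or financial details")
    return reasons
```

A message that triggers several reasons should be verified out of band with the supposed sender rather than acted on.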

General Tips:

  • Verify the authenticity of an email by consulting other employees; avoid forwarding or sending on the contents of the suspicious message
  • Check that any webpage that wants you to submit data is encrypted and has a valid digital certificate. Look for 'https' in the address bar and click the padlock icon to view its certificate
  • Ensure your antivirus and firewall software is up-to-date
  • Never provide information if you are suspicious of an email
  • Never click on email attachments from unknown senders

To find out more on spear phishing, see the helpful explainers from SecuritySearch and the ACCC's SCAMwatch.

