ITS Service Desk

What is spear phishing and how can I manage it?

It's a fact of life. Most emails that we receive are junk. Just look at your Spam folder some time and see how much of that junk Gmail is filtering out for you. But if a junk message gets through to your Inbox, what should you do? The answer to that depends on what you see.

In this series of articles, we'll address several kinds of unwanted email. It's important to understand the differences and how to handle each.

Spam | SpoofingPhishing | Spear Phishing | Gmail Warnings

Spear Phishing

Spear phishing is a combination of a couple of the techniques mentioned above, making it even more devious. Let's start with a quick example of a real email received by an SNC employee:

From: Scott Crevier <>
Date: Wed, Feb 6, 2019 at 9:23 AM
Subject: Bank Account Update
To: <>

Hi Betty,

I changed my bank and I'll like to change my paycheck dd details, can the change be effective for the current pay date?

Scott Crevier

(The "To" address in the above email has been changed for purposes of this article.)

This is a spear phishing email because the sender has done a little homework and figured out that if they make the email appear that it came from a trusted fellow employee, the recipient may respond to it. In other words, it's a highly focused phishing attack using some knowledge of the company. Fortunately, the employee noticed right away that the email came from an AOL account, which is highly unusual for an email from a coworker.

Another example might an email from your boss or a vice president asking for a financial report or some info about an employee. Again, not only is the sender name familiar, but the content of the email may also seem familiar to your job.

The easiest way to verify an email like this it is to just pick up the phone and call the sender.

What To Do

DON'T just delete the email. This can make the situation worse, because a phishing email got through without being filtered, and the senders will then continue to send more.

Google provides this helpful article with more information:

≫ Avoid and report phishing emails

Have more questions? Submit a request