What Is Phishing?

It is the act of sending mass emails which appear to be from legitimate sources, but contain infected attachments or malicious links

What Is Spear phishing?

Though similar to phishing, it is a tactic threat actors use to send socially-engineered emails to specifically target individuals or groups based on their personal characteristics, interests or lines of work.

Spear phishing is effective because phishers create emails that seem genuine. They contain company logos or trademark information, the subject line is relevant, the message is pertinent. Given receivers’ desire to trust, it is easy for them to believe that these emails are legitimate and click on the links or open the attachments.

Malicious software can be contained in attachments such as PDFs, photos, office documents, as well as Web links that seem legitimate. Spear phishing creates opportunity for cyber compromises in any organization.

Who Is A Target?

Everyone can be a target of phishing and spear phishing emails. Those more commonly targeted include the following individuals:

• Senior executives and their assistants
• Help desk staff, system administrators
• Users who have access to sensitive information
• Users with remote access
• Users whose jobs involve interacting with members of the public

How Can You detect spear-phishing emails?

Though spear-phishing emails can be hard to identify, here are a number of proactive ways to avoid falling prey to them and triggering a cyber-incident. Before opening attachments or links embedded within an email, take the following steps:

• Make sure you know the sender of an email and that its tone is consistent with the sender.
• Make sure that the Web address or attachment is relevant to the content of the email.
• Make sure that the sender’s email address has a valid username and domain name.