What is Spear Phishing? (Hint: it is on your computer, not in the ocean…)

Aug 08, 2018

Hello all. We have had many questions over the last month concerning this issue, so I am circling back to talk about the two types of phishing, what they look like, and the consequences of falling for them. The bottom line: be studious in how you read and act on your email! No tool or protection can prevent you from reading an email and engaging with it by filling out information within it or within a webpage. Let's begin.

What is Spear phishing? Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

This is how it works: An email arrives, apparently from a trustworthy source, but instead it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims’ attention. For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Center for Missing and Exploited Children.

Many times, government-sponsored hackers and hacktivists are behind these attacks. Cybercriminals do the same with the intention to resell confidential data to governments and private companies. These cybercriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites. As a result, even high-ranking targets within organizations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to attack their networks.

Traditional security doesn’t stop these attacks because they are so cleverly customized. As a result, they’re becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments and even nonprofit organizations. With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox.


Spear-phishing can easily be confused with phishing because they are both online attacks on users that aim to acquire confidential information. Phishing is a broader term for any attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. The attackers often disguise themselves as a trustworthy entity and make contact with their target via email, social media, phone calls (often called “vishing” for voice-phishing), and even text messages (often called “smishing” for SMS-phishing).

Unlike spear-phishing attacks, phishing attacks are not personalized to their victims, and are usually sent to masses of people at the same time. The goal of phishing attacks is to send a spoofed email (or other communication) that looks as if it is from an authentic organization to a large number of people, banking on the chances that someone will click on that link and provide their personal information or download malware. Spear-phishing attacks target a specific victim, and messages are modified to specifically address that victim, purportedly coming from an entity that they are familiar with and containing personal information. Spear-phishing requires more thought and time to achieve than phishing. Spear-phishing attackers try to obtain as much personal information about their victims as possible to make the emails that they send look legitimate and to increase their chance of fooling recipients. Because of the personal level of these emails, it is more difficult to identify spear-phishing attacks than to identify phishing attacks conducted at a wide scale. This is why spear-phishing attacks are becoming more prevalent.

Bottom line: question every email you get. Email platforms work very hard to block and prevent these types of emails; however, it is impossible to prevent them because, other than intent, the email itself has nothing attached that is malicious. What are ways to dodge the issue? Do not click links within emails if possible. If you bank with Chase and get an email from them, never click a link within the email. Simply open your browser and go to Chase.com. This removes the email from the issue. Also, do not be afraid to verbally confirm a request with someone. For instance, if you wire money frequently and receive an internal request, shoot a text to that person to verify the request, or pick up the telephone and verify. This is a step you will not regret, especially if you are being scammed.

As always, The Nerds are here to save you. If you need Computer repair, IT Support, IT Service or Managed Services in Austin or in San Antonio, call 877-250-8575, or you can book online by going to NerdsinaFlash.com and clicking the “Book Now” button in the upper right hand corner.

Sources: articles from Kaspersky and Digital Guardian
