What is Spear Phishing?

Spear Phishing is a form of Social Engineering. It may be defined as ‘highly targeted phishing aimed at specific individuals or groups within an organisation’.

Because so much information can be found freely with a little digging online, on sites like LinkedIn and Facebook and on companies' own websites, it is possible to add convincing details to phishing scams. Spear Phishing emails, for instance, may refer to their targets by their specific name, rank, or position instead of using generic titles as in broader phishing campaigns.

This type of scam is becoming much more common: a 2016 Verizon Data Breach Report states that over 80% of malware infestations are delivered in this targeted way.

Security tips

  • Verify the request. Call the genuine sender and ask whether they sent you an email and what it was.

  • Question all email requests. Avoid responding to the request, and do not give any information in reply.

  • Have protocols for accounts teams to follow before issuing payments.