Topics Map > Security
Topics Map > Campus Services > E-mail
Security -- Spear Phishing
Explanation of spear phishing, as well as how to spot and handle the messages.
In general, “phishing” refers to any attempt to con you out of your money, access, or identity by tricking you into providing sensitive information, such as your password or bank account number. “Spear phishing” is a sub-set of phishing wherein the predator targets a specific organization or individual by spoofing someone related to or from within the organization.
Once responded to, follow-up messages from the predator may ask you to send wire transfers, gift cards, or even charge items on your P-card or personal account.
How
to spot a spear phishing attempt
Spear phishing attempts may have one
or more of these characteristics:
- Appears to come from a valid name/email address (your
boss, a colleague, a trusted contact)
- Includes full signature block of same trusted contact
- Appears to come from a trusted contact but uses a
non-UW-Platteville email address (adm.e@ec.rr.com)
- Contains a short, urgent message for the purpose of
initiating contact, e.g. “Got a minute?”
Responding to a seemingly harmless message will likely lead to follow-up messages from the predator asking you to send wire transfers, gift cards, or even charge items on your P-card. They may also ask you to share your personal phone number or other information. DO NOT COMPLY.
NOTE: Spear phishing is not limited
to email. Phishing attacks occur via phone, text, apps, social media, and
even snail mail.
Handling
the suspicious message
The guidelines for handling a spear
phishing message are the same for all suspicious messages:
- Ask yourself, “Does this request make sense? Would this
person say this?”
- DO NOT REPLY to the message; likewise, do not open any
attachments or click any links
- Contact the alleged sender directly via telephone
(recommended) or using their official UW-Platteville email address
(although that account could be compromised as well)
- Report the incident to the ITS Help Desk at helpdesk@uwplatt.edu
For additional information on
phishing, check out these campus resources:
- Video: Phishing at
UW-Platteville
- Annotated samples of real-life phishing attempts in the ITS Knowledge Base
- Example phishing email exchange with explanations
If you have questions about spear
phishing or information security on campus, please contact the ITS Help Desk at
608.342.1400 or helpdesk@uwplatt.edu.