Explanation of spear phishing, as well as how to spot and handle the messages.
In general, “phishing” refers to any attempt to con you out of your money, access, or identity by tricking you into providing sensitive information, such as your password or bank account number. “Spear phishing” is a sub-set of phishing wherein the predator targets a specific organization or individual by spoofing someone related to or from within the organization.
Once responded to, follow-up messages from the predator may ask you to send wire transfers, gift cards, or even charge items on your P-card or personal account.
How to spot a spear phishing attempt
Spear phishing attempts may have one or more of these characteristics:
Responding to a seemingly harmless message will likely lead to follow-up messages from the predator asking you to send wire transfers, gift cards, or even charge items on your P-card. They may also ask you to share your personal phone number or other information. DO NOT COMPLY.
NOTE: Spear phishing is not limited to email. Phishing attacks occur via phone, text, apps, social media, and even snail mail.
Handling the suspicious message
The guidelines for handling a spear phishing message are the same for all suspicious messages:
For additional information on phishing, check out these campus resources:
If you have questions about spear phishing or information security on campus, please contact the ITS Help Desk at 608.342.1400 or firstname.lastname@example.org.