Spearphishing is a highly targeted form of phishing: an email made to appear to come from a friend, colleague or business you are familiar with. If phishing is putting your hook into the water hoping anyone bites, spearphishing is knowing what type of fish you’re looking for and using known information on the fish to reel them in. This will generally appear as an urgent-looking email, and will ask you for sensitive information, link to malicious content, or both.
Please note: Adelphi’s IT Help Desk representatives and network administrators will NEVER contact you by email or phone, asking you to reply with your username, password or other sensitive information.
Examples of What to Look For
Spearphishing emails will appear to come from a trusted source. When checking your email you should pay attention to every detail, especially if something seems out of the ordinary. If your English professor sends you an email in broken English with an attachment, it’s most likely a spearphishing attempt.
Normally these emails will mention some type of urgency or haste, and request that you act on something immediately. This is done purposefully so that you’ll be less likely to thoroughly read and examine the email.
Some attempts may be incredibly deceptive. Someone posing as your professor may send a link and tell you your grade on a recent midterm is available, and the only “mistake” could be in the email address, while the message otherwise looks legitimate. Watch for addresses such as firstname.lastname@example.org vs email@example.com. That zero instead of an O could be the difference between a real email and a phishing attempt.
Other attempts may come from a trusted business, or a business you have recently interacted with. As an example, you may receive a spearphishing email from your bank that is disguised as an account inquiry or a notification to change your password. Sometimes the email address itself will appear to be legitimate, but looking further will show that it is fraudulent.
The example shown here is an actual address, but notice how both the name and email address are shown. Someone would be able to change their name so that it would appear that “IT Work Order Support” is emailing you, but have a fake email address. If something seems “phishy”, check the details of the sender by clicking the drop-down arrow next to their name (Gmail) to see who is really sending the message. Look for the small details. Someone could have the email “firstname.lastname@example.org” that looks official at a quick glance, but that missing letter makes a world of difference.
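The two sender checks described above (a look-alike address, and a familiar display name in front of an unfamiliar address) can also be automated. The following is an added example, not part of the original page; the trusted domain, the internal sender names and the sample headers are constructed assumptions, and it compares only the domain part of the address.

```python
from email.utils import parseaddr

# Assumptions (constructed): the domains and sender names your organisation really uses.
TRUSTED_DOMAINS = {"example.edu"}
INTERNAL_NAMES = ("it work order support", "help desk")
# Digits often swapped in for similar-looking letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    warnings = []
    for trusted in sorted(TRUSTED_DOMAINS):
        # Same string once look-alike digits are normalised: a zero-for-O style swap.
        if domain.translate(CONFUSABLES) == trusted.translate(CONFUSABLES):
            warnings.append(f"look-alike characters: {domain} imitates {trusted}")
        # One inserted, deleted or changed character: the "missing letter" case.
        elif edit_distance(domain, trusted) <= 1:
            warnings.append(f"one character off: {domain} vs {trusted}")
    # Display name claims an internal sender while the address is external.
    if any(n in name.lower() for n in INTERNAL_NAMES):
        warnings.append(f"display name '{name}' does not match address {addr}")
    return warnings

if __name__ == "__main__":
    for header in (  # constructed From: headers
        "IT Work Order Support <support@example.edu>",
        "Jane Doe <jane.doe@examp1e.edu>",
        "IT Work Order Support <helpdesk@mail-service.test>",
    ):
        print(header, "->", check_sender(header) or "ok")
```

An address on a trusted domain is not proof on its own, because the From header can be forged; this check only catches look-alike and mismatched senders.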
Beware of how specific a message is. If you receive an email from Amazon or another business, and the messaging says “Dear Sir/Madam” and not “Dear Your Name”, that is something that could indicate phishing.
Be aware of any links in a suspicious message. If you receive an email from Adelphi that looks official, but there is a link to a website you’ve never heard of, do not open it. Similarly, be careful before opening any short links in emails.
What to do if You Believe You Have Been a Victim of Phishing?
What are the possible consequences?
If you are a victim of phishing, the attacker could potentially have access to a ton of your information. Passwords could give them access to bank accounts or social accounts, and could even leave you open to identity theft.
Protecting your information is of utmost importance. Remember that Adelphi and most other establishments will NEVER ask you for any type of username or password through email. If you receive a suspicious request, make sure to contact the proper organization, friend or colleague (not by replying to that email) to confirm everything before moving forward.