How to Spot a Spear Phishing Attack

There's phishing and then there's spear phishing, but what's the difference? Well, spear phishing is an email that appears to be from an individual or business you know. Where phishing attacks are broad and target everyone, spear phishing attacks are targeted and specific, making them trickier to spot. Spear phishing emails can target large groups, like the Hilton Honors members, or small groups, such as a specific department or individual. Spear phishing emails can address an individual specifically and can even contain information that makes it look real and valid, such as information that may only pertain to you or a specific audience. They can contain links to official looking websites, but it's important to remember that institutional branding on a website does not mean it's official! Despite being trickier to spot, there are still some signs to identifying a spear phishing attack. Let's take a look at one and identify some of the key indicators.

[[{"fid":"704","view_mode":"default","fields":{"format":"default","field_file_image_alt_text[und][0][value]":"spear phishing example","field_file_image_title_text[und][0][value]":"spear phishing example"},"type":"media","attributes":{"alt":"spear phishing example","title":"spear phishing example","style":"float: right;","class":"media-element file-default"}}]]You'll notice in this email the official looking email address from the sender. This is common in spear phishing emails, making them trickier to spot than traditional phishing emails. The first thing that does stand out as an indicator in this email, is the spelling error made in the email subject line. This should raise immediate red flags when clicking the email.

Another strong indicator is the generic addressee title. Email User, Valued Member, Customer/Client are all examples of generic addressee titles that could be used.

The last sign, and key indicator, is the official looking disguised link that goes to a malicious page. You can see in the example that by placing your cursor over the link a pop-up box shows the link's real address. Remember, if it looks sketchy don't click!

If you happen to fall for a spear phishing attack and give out information or click on a link please follow these steps: send a copy of the email to, delete the phishing email, change your password, and scan your system for viruses and spyware. Report the situation to your Help Desk (Resnet, SCOB, NTID, ITS) as soon as possible.

For additional resources and information please check out: