RIT Information Security Education: Phishing and Spear Phishing

The Difference Between Phishing and Spear Phishing

You’ve seen us mention both phishing and spear phishing in alerts and advisories. Here’s a look at the differences.


Phishing attacks are typically emails sent to a wide target audience with the intent of acquiring login credentials, account numbers, Social Security numbers, or other Private Information. The goal of the attackers is to commit Identity Theft. Although it used to be quite easy to identify the attacks because of poor grammar and other “telltales,” the attacks have become more sophisticated. It’s now possible for an attacker to purchase tool kits to create high quality phishing attempts.

The 2015 Symantec Internet Threat report (http://www.symantec.com/security_response/publications/threatreport.jsp) estimated that 1 in 965 emails were phishing attacks. You will see similar phishing attacks, both at RIT and at home.

The example below is from Millersmiles.co.uk, a company that curates phishing examples. The key telltales are the generic salutation and malicious link.

[[{"fid":"1241","view_mode":"default","fields":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false},"type":"media","field_deltas":{"1":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false}},"attributes":{"height":"582","width":"638","class":"media-element file-default","data-delta":"1"}}]]

Spear Phishing

Spear Phishing attacks target specific groups. The groups may be large (Hilton Honors members) or small (a specific department or individual). Spear phishing is more difficult to identify than a typical phishing attack. The email may be addressed to you specifically and may contain information that makes it appear to be valid, such as information that pertains only to the target audience. The links, although masked as in the phishing example, often go to websites that mimic an official website. (Remember, the use of institutional branding on the website does not mean that the website is legitimate.) The emails may also have malicious attachments.

In the example below, callouts identify some of the telltales that make it easier to identify the suspect email as a spear phishing attempt. These telltales include use of a generic addressee, spelling errors, and a link that goes to an external website. (Identify where a link actually goes by hovering your cursor over the link. You’ll see a popup like the one in the example.) You’ll also note that the sender “Edu Help Desk” is a generic sender not associated with RIT. Additionally, the RIT Information Security Signature Standard requires sufficient contact information for the sender to establish that the email is legitimate.

[[{"fid":"1251","view_mode":"default","fields":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false},"type":"media","field_deltas":{"2":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false}},"attributes":{"height":"316","width":"918","class":"media-element file-default","data-delta":"2"}}]]

RID RIT of Phish

  • REPORT the phishing attempt to spam@rit.edu
  • INSPECT your computer if you clicked on the link by running a virus scan. (Change your password if you provided it.)
  • DELETE the phishing attempt


For More Information

  • For more information about detecting Phishing, please visit the RIT Information Security Phishing page.


REMEMBER: RIT and other legitimate businesses will NEVER ask for your password through e-mail.

Quick Infosec Tip: Phishing is a plague that claims victims worldwide. Do your part to help keep RIT and your colleagues safe by remaining vigilant and recognizing threats as the appear.