Spear phishing is a very common form of fraud used by cyber criminals, where the attacker tries to find out information such as login credentials or account information by pretending to be a reputable entity or person over email, instant message or other communication channels.

What is spear phishing?

Spear phishing is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Unlike generic phishing emails, spear phishing is a targeted attack. Cybercriminals craft personalized emails that appear to come from trusted sources (such as a colleague, manager, or known partner). The goal is to trick you into clicking malicious links, sharing sensitive information, or opening infected attachments.

Common signs of spear phishing

Unexpected emails, WhatsApp calls or messages requesting sensitive data or urgent actions (e.g., wire transfers, password reset).
Slightly misspelled email addresses resembling legitimate ones.
Unusual language or tone not typical of the sender.
Links or attachments from unfamiliar sources.
"Too urgent" or emotionally manipulative content (e.g., "Act now or account will be locked").

How does it work?

The "phisher" falsely claims to be an established legitimate enterprise and uses email to direct the user to a website, where they are asked to update personal information such as passwords, credit card numbers and bank account numbers. These websites are bogus, created to look like the real ones, and their purpose is to steal the user's information.

Ways to identify a spear phishing attack

When users receive an email with a suspicious link or attachment, they should seek answers to the following questions to identify whether it is spear phishing.

Who is the sender? The user, who is usually an employee, should verify with the source whether the email has definitely come from the said person.
Is the style of writing consistent with the sender? The user should keep a keen eye on whether the sender's approach is familiar or different from usual.
Does anything appear unusual about the tone, spelling or urgency of the email? The user needs to assess whether the mail expresses an unusual request or urgency for some details or information.
Is the request irrelevant (e.g., to open a file the user wasn't expecting)? The user should assess whether the request is relevant, or irrelevant and one that seems fishy/phishy.
Have other colleagues received a similar email? Cross-verify with colleagues whether they have received similar mails.

What you should do

Limit sharing personal information in mail forums or on any social media platforms. The more personal details you share, the easier it is for cyber attackers to craft a spear phishing email that appears relevant and genuine.
Support the organization's security efforts by following the appropriate security policies and making use of the security tools that are available, such as antivirus, encryption and patching.
Pause and Verify – If something feels off, it probably is. Verify by phone, via an alternate phone number, or through a separate email thread.
Do Not Click Suspicious Links – Hover over links to preview the URL before clicking.
Do Not Share Credentials – No legitimate request will ask for your password over email.
Report Immediately – Forward suspicious emails or messages to your local organisational IT team.

Source: Stay Safe online portal
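
Three of the signs listed above (a slightly misspelled sender address, urgent wording, and a link whose visible text differs from where it points) can be checked automatically when triaging a reported message. The sketch below is an added example, not part of the original page; the trusted domain `example.com`, the urgency phrase list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organisation's real mail domains
URGENCY = re.compile(r"\b(act now|urgent|account will be locked|wire transfer|password reset)\b", re.I)
LINK = re.compile(r'<a\s+[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def signs(raw):
    """Return the list of spear phishing signs found in a raw, single-part email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    # Sign: slightly misspelled address resembling a legitimate one.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for good in TRUSTED_DOMAINS:
        if sender_domain != good and edit_distance(sender_domain, good) <= 2:
            found.append(f"lookalike sender domain: {sender_domain} ~ {good}")
    # Sign: "too urgent" wording or a request for a sensitive action.
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("urgent or pressuring wording")
    # Sign: what hovering would reveal, i.e. link text naming one host, href another.
    for host, text in LINK.findall(body):
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        if shown and shown.group(0).lower() != host.lower():
            found.append(f"link text shows {shown.group(0)} but points to {host}")
    return found

# Constructed sample message (not a real email).
SAMPLE = """From: "IT Helpdesk" <helpdesk@examp1e.com>
To: user@example.com
Subject: Password reset required
Content-Type: text/html

<p>Act now or account will be locked.</p>
<a href="http://login.example.com.reset-portal.test/auth">https://login.example.com</a>
"""

if __name__ == "__main__":
    for s in signs(SAMPLE):
        print(s)
```

A flag from these heuristics is a reason to verify with the sender through a separate channel and to report the message, not proof on its own.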