Skip to main content

How to Avoid Falling for Spearphishing Tactics

Tips and Resources

Many of us are familiar with phishing attacks. These broad-based emails typically come across as spam. They are sent out by the millions every day, promoting get-rich schemes or promising to send you money if only you share your banking info.

Spearphishing is much more targeted and personalized toward individual recipients. A scammer will scrape information from publicly available sources and tailor a message designed to build trust. Spearphishing emails typically seek to 1) gain login credentials; 2) plant malware on a target’s computer by encouraging the recipient to click on a malicious link or download a virus; or 3) convince the target to send the scammer money via a faked invoice or other means. Variants of the attack include using text or voicemail to fool the target.

Indicators of a Spearphishing Email

Since the scammer seeks to elicit trust in the victim, emails typically include the person’s name. Sometimes they are personalized down to departmental detail and other nuggets easily found on the web. In extreme cases, the scammer may scrape social media for even more personal info and work it into the message to create the illusion of actually having met with the target personally. Spelling errors and odd phrasing might indicate a non-English speaker wrote the email, suggesting an overseas scammer.

Be on the lookout for these common characteristics of a spearphishing email:

Spearphishing can involve a fake email from your supervisor asking for money to be sent somewhere, or a family member asking for funds, or a government agency or utility demanding payment.

Countermeasure: Online money requests should be an automatic red flag and require considerable additional verification on your part. Think before you spend. Would a person or agency really need to send a very overdue payment request or invoice via email? Call and verify with someone. Walk down the hall and speak with a supervisor face-to-face or call them on their personal number. If dealing with family members, speak with them directly and glean more details about where and why you are sending money.

Often spearphishing tries to make victims respond quickly, giving them little time to think through their actions. Scammers pretending to be a relative might say they are in jail and need to be bonded out right now. Fake billing companies will insist an invoice is 90 days overdue. Someone pretending to be a utility company representative might threaten to turn off your electricity later today if payment is not received right now.

Countermeasure: Try to call and speak to someone on the phone directly by dialing the listed number. For instance, find the number to your local utility company and ask to speak with someone about your account. With fake companies, check with your supervisor and with others who may have required their services. Look for invoices elsewhere. If the payment is really late, there should be an established paper trail going back several weeks, and someone in your department should know about it. If dealing with a family member, try to call them directly, and call others who are close with them to confirm the situation.

These may include things other than purchase orders, checks or credit cards.

Countermeasure: Anyone asking for payment in gift cards or Bitcoin is automatically suspect. Gift cards in particular are difficult for law enforcement to track and irretrievable once you give out the numbers.

A scammer may scrape social media and other public sites for details that can be used in a spearphishing attack to generate a sense of trust or the appearance of familiarity.

Countermeasure: Guard the information you post on social media. Even professional sites such as LinkedIn might be prime hunting grounds for personal material gathered by scammers. And don’t trust someone just because they know personal details that have been posted online.

Take advantage of the opportunity to explore different majors during your first year of college. Attend classes, meet with professors, and talk to current students in different majors. You may discover a major you didn't consider before or find that your interests have changed.

Tips and Resources Home Top Five Reasons Your Journey to Success Begins at Blinn College-Bryan The Top Reasons to Earn Your Associate Degree in Psychology at the Blinn-Bryan Campus Why You Should Consider the Blinn College-Waller Campus The Top Reasons to Study Web Programming at Blinn College Beware of QR Code Scams Why You Should Earn Your Fire Safety and Health Degree at Blinn College Launch Your Business Career with a Degree from Blinn College-Bryan Unlock Your Potential with an Associate of Arts in Liberal Arts at Blinn College-Bryan Shape Minds and Inspire Futures: Earn Your Education Degree at Blinn College-Bryan The Top Reasons to Earn Your Associate of Science in Biology at the Blinn-Bryan Campus Why You Should Consider a Clinical Medical Assistant Career Tips for college students to manage stress How to Avoid Falling for Spearphishing Tactics Tips for transferring to a university How to get involved and make new friends in college How to choose a college major Top five reasons to complete your FAFSA Anatomy of an Email Scam Tax Season Tips Top Reasons to Become a Professional Truck Driver How to Keep Your Private Information Safe Top Reasons to Attend Community College Tips for Success During Final Exams Why You Should Consider a Skilled Trades Career Tips for a Successful Semester Top Reasons to Live on Campus Tips for Taking Online Classes