What is Spearfishing?

Spearphishing is a targeted email attack that goes after individual victims, such as employees within a business. A hacker will reach out to employees via a phony email (often meant to appear to come from within the organization) to attempt to steal proprietary information or money. Human Resources and Accounting teams are often targeted due to their access to sensitive data, while at the same time, HR and IT departments are often those spoofed as employees are more likely to believe requests from them.

How to Recognize This Threat: Look for unusual requests made via email, such as requests to confirm a username or password, or to provide other sensitive information outside of normal protocol. Spearfishing attacks often include bogus links, so examine any links closely before clicking on them.

How to Prevent This Threat: Train employees to look for the signs of an attack and develop protocols for any release of sensitive information. To protect your network, ensure email security is in place to flag messages that come from outside the organization while also monitoring for suspicious language, links, or attachments in emails.