7 Warning Signs of a Spearphishing Email

As online threats go, spearphishing is one of the hardest nuts to crack. Unlike traditional forms of phishing, which generally stick to unsolicited emails from unknown senders, the creators of spearphishing operations take a different and much more nefarious approach.

What sets a spearphishing email apart from other types of online attacks is its specificity. These emails may be bogus, but they appear to come from legitimate sources. To make matters worse, spearphishing emails often target key decision makers at businesses, making their potential impact that much worse. Instead of targeting the customer service representative, the typical spearphishing email might target the CEO in the corner office.

Whether you are one of those key decision makers or part of the IT staff charged with keeping them safe, it is important to recognise the warning signs of a potential spearphishing email. At first glance, these emails appear to be legitimate, but if you look hard enough, you may be able to pick out some telltale giveaways. Here are seven key things to look for when evaluating the legitimacy of an email.

1. Requests for login information – Legitimate emails will not ask for things like usernames and passwords. If you receive an email asking for this personal information, you should immediately suspect a spearphishing attack.

2. Misspelled names – The perpetrators of spearphishing attacks often buy lists of potential victims, lists that are compiled from business directories and public directories. As a result, the lists often include misspelled names and other errors. Look at the salutation carefully to make sure your name is spelled correctly.

3. A threatening tone – Some spearphishing schemes try to scare their recipients with threats of arrest and even jail time. From emails claiming to be from the IRS to messages appearing to come from law enforcement agencies, these attempts to frighten can be very effective.

4. Embedded links – The presence of embedded links is another common thread in spearphishing emails. If you suspect that a link is dangerous, do not click it and contact the IT department right away.

5. Generic salutations – While some sophisticated spearphishing operations tailor their salutations to each recipient, most use generic salutations instead. Watch out for generic salutations like “Dear reader”, “Dear email recipient” or “Dear member”. If the sender really knows you, they will know how to address you properly.

6. Unsolicited urgent emails – If there is an urgent situation happening at your company, you will probably know it before the first email arrives. Watch out for unsolicited emails that claim to be urgent, especially if they ask for personal information or ask you to click an embedded link.

7. A familiar template – Many spearphishing perpetrators use generic templates to create their messages, and this generic nature can be a clue. Proceed with caution if you spot a boilerplate template in a supposedly handcrafted email message.

Spearphishing attacks are on the rise, and these dangerous emails are not going away anytime soon. These targeted attempts to gather personal information and compromise security create real challenges for IT staff, busy executives and others throughout the business world. For now, the best defence is recognition, starting with the seven warning signs that a seemingly legitimate email message is not what it appears to be.