What is spear phishing?
Spear phishing is an email that appears to be from, an individual or business you know, but is actually someone disguising themselves in an attempt to get you to send sensitive information via email. Spear phishing attacks are targeted and specific, and you may even recognize a person's name, email address, or WSU department in the email. You may also see the Wright State logo within the email. These emails often target an individual based on their job and the type of sensitive information (human resource data, payroll and financial information, etc.) regularly accessed by their position. This is different from a normal phishing attack, which is broad and targets a large number of users.
How do I spot a spear phishing email?
- Look for spelling errors, especially in the subject line.
- Watch for generic titles for the addressee. Instead of your name, you'll see "Attn. Email User" or "WState Employee".
- If there are links in the email, they may look like the official Wright State links. However, by hovering over the link you'll see that it goes to an external, non-WSU site.
- If you think you have been a target of a spear phishing attack, contact the CaTS Help Desk for further assistance.
As a best practice, Wright State employees should never send an email that contains sensitive information or request this of others.
For more security tips, best practices, and guidelines, visit the Information Security website.