How has your business overcome spearphishing?

Mail spam attacks are getting more and more personalized and targeted. The phishing process used to require a human, but now it's automated. Typical red flags such as misspelled words have become less frequent.

Let’s take a moment and define spearphishing: “Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cyber criminals may also intend to install malware on a targeted user’s computer.” (Kaspersky Labs)


Common examples:

  • Gmail password change request from a bogus Gmail account
  • IRS email
  • Credit card company request to avoid a service interruption
  • PayPal: email address added, please verify
  • Confirm your email – URL leads to an unknown location
  • You have an unpaid invoice; download or click this link

Spearphishing can appear to have been sent by a company executive from your place of business. It usually looks legitimate and is always urgent. Often it requests that you pay certain invoices or transfer funds immediately. This can be confusing if you are in Accounts Payable and have not worked out a process for handling urgent money transfer requests.

What is the intent?

  • install destructive malware
  • install spyware that waits to see how you access your private information
  • dupe a company employee into transferring money

What kind of defense can be used after the email has arrived at your organization? Security-awareness training for employees reduces the likelihood of a user falling for spear-phishing emails. Spearphishing training educates users on how to spot phishing emails based on suspicious email domains or links enclosed in the message, as well as the wording of the messages and the information that may be requested in the email.
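The same domain and link checks that training teaches can also be run automatically on mail that has already been delivered. The script below is an added example, not code from the original article; `ORG_DOMAIN`, `EXECUTIVES`, the flag names and the sample message are constructed assumptions.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"    # assumption: your organization's mail domain
EXECUTIVES = {"pat morgan"}   # assumption: executive display names to protect

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def red_flags(raw):  # raw: one RFC 5322 message as text; returns a list of flags
    msg, flags, parser = email.message_from_string(raw), [], LinkCollector()
    name, from_addr = parseaddr(msg.get("From", ""))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if name.lower() in EXECUTIVES and domain_of(from_addr) != ORG_DOMAIN:
        flags.append("executive-name-from-outside-domain")
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        flags.append("reply-to-differs-from-sender")
    for part in msg.walk():  # feed every text part to the link parser
        if part.get_content_maintype() == "text":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:  # visible text names one host, href another
        host = (urlparse(href).hostname or "").lower()
        shown = text.split("//")[-1].split("/")[0].lower()
        if "." in shown and " " not in shown and shown != host:
            flags.append(f"link-text-shows-{shown}-but-goes-to-{host}")
    return flags

SAMPLE = (  # constructed message, not real mail
    'From: "Pat Morgan" <pat.morgan@examp1e-mail.test>\n'
    'Reply-To: payments@other-host.test\n\n'
    '<a href="http://billing.unknown-location.test/pay">https://example.com/invoices</a>\n'
)
```

Calling `red_flags(SAMPLE)` returns all three flags for the constructed message; a message from the organization's own domain whose link text matches its target returns an empty list.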

Ray Lunaburg – https://loopadvisors.com/spearphishing