Cybersecurity Newsletter

Spear Phishing

Did you know… 88% of organizations have reported the occurrence of Spear Phishing attacks in 2019?

Have you received any e-mails or other suspicious digital communications where:


The beginning of the body of the text was personalized with your name?


There were references to friends, colleagues, or people in your organization?


There were references to projects or proposals where you were involved?

Spear Phishing is directed at specific targets, whether they are individuals or organizations.
It usually occurs via e-mail and aims to lead victims to disclose sensitive data or access malware. For the communication to appear reliable, attackers extract and use information available online about the organization or the people involved in the communication, thereby creating a false sense of credibility and security in the recipients.

Learn how to act to protect yourself:

1. Be aware of fake senders


Always analyse the sender of the communication you received, because there’s a chance that the communication has been tampered with to look like a communication from a trusted entity, partner, or user


Look for subtle manipulations in the sender, such as replacing the letter “o” with the number “0”, the letter “w” with the Russian alphabet letter “ш”, or the use of the capital letter “I” instead of the lowercase letter “l”


Make sure that the top domains are the domains of the organization that sent the communication
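
The sender checks in point 1, sketched as an added example that is not part of the original newsletter. The allow-list domain wellsoft.example, the function names and the sample addresses are constructed, and the confusable map covers only the substitutions named above plus "1" for "l" (an assumption).

```python
from email.utils import parseaddr

# Constructed allow-list (lowercase ASCII); replace with your organization's
# and partners' real domains.
TRUSTED = {"wellsoft.example"}

# Only the substitutions named in the text, plus "1" for "l" (assumption).
# Not exhaustive, and punycode ("xn--") forms are not decoded here.
CONFUSABLES = {"0": "o", "ш": "w", "Ш": "w", "I": "l", "1": "l"}


def skeleton(domain: str) -> str:
    """Fold look-alike characters, then lowercase.

    Folding happens before lowercasing so a capital "I" posing as "l" is caught.
    """
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain).lower()


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].rstrip(".")
    if not domain:
        return "unknown"
    lowered = domain.lower()
    for trusted in TRUSTED:
        if lowered == trusted or lowered.endswith("." + trusted):
            return "trusted"
    folded = skeleton(domain)
    for trusted in TRUSTED:
        # Same shape as a trusted domain once look-alike characters are folded.
        if folded == trusted or folded.endswith("." + trusted):
            return "lookalike"
        # Trusted name used as leading labels of some other domain.
        if f".{trusted}." in f".{folded}":
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ('"Finance" <billing@wellsoft.example>',
                   "Finance <billing@wells0ft.example>",
                   "billing@wellsoft.example.pay-portal.test"):
        print(f"{classify_sender(header):10} {header}")
```

A "trusted" result only means the domain text matches the allow-list; it does not show that the message was really sent from that domain.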


2. Be thorough and think before you act


Reflect on what is being asked. If it involves any sensitive personal or professional information, never disclose such information via e-mail


Never make any type of payment, even if the request seems urgent. In a work setting, report and review this type of situation with the financial department of your organization


Validate the need for these requests made via e-mail by using an alternative means, whenever possible


In case of doubt, do not follow the instructions in the suspicious communication and report it to the security team of your institution, avoiding risks


3. Step up your attention to content, software, and devices


Do not click on links, visit, or log into websites that are embedded in the e-mail body without making sure they are secure (learn how in point 2)


Do not download attachments from suspicious e-mails to your devices. Malware can be attached in different formats and also delivered as links, often from legitimate websites, because they are less likely to be blocked by the technical controls that are implemented


Keep the security software of professional and personal devices up to date, thereby shielding them from a wide variety of threats


Update your credentials regularly and be strict about password quality, thereby decreasing the risk of your account being used to enable this type of attack


At the organizational level, implement technical controls for the inspection and filtering of e-mails in e-mail servers and endpoint devices

