In general, “phishing” refers to any attempt to con you out of your money, access, or identity by tricking you into providing sensitive information, such as your password or bank account number. “Spear phishing” is a sub-set of phishing wherein the predator targets a specific organization or individual by spoofing someone related to or from within the organization.
Once responded to, follow-up messages from the predator may ask you to send wire transfers, gift cards, or even charge items on your P-card or personal account.
How to spot a spear phishing attempt
Spear phishing attempts may have one or more of these characteristics:
- Appears to come from a valid name/email address (your boss, a colleague, a trusted contact)
- Includes full signature block of same trusted contact
- Appears to come from a trusted contact but uses a non-UW-Platteville email address (adm.e@ec.rr.com)
- Contains a short, urgent message for the purpose of initiating contact, e.g. “Got a minute?”
Responding to a seemingly harmless message will likely lead to follow-up messages from the predator asking you to send wire transfers, gift cards, or even charge items on your P-card. They may also ask you to share your personal phone number or other information. DO NOT COMPLY.
NOTE: Spear phishing is not limited to email. Phishing attacks occur via phone, text, apps, social media, and even snail mail.
Handling the suspicious message
The guidelines for handling a spear phishing message are the same for all suspicious messages:
- Ask yourself, “Does this request make sense? Would this person say this?”
- DO NOT REPLY to the message; likewise, do not open any attachments or click any links
- Contact the alleged sender directly via telephone (recommended) or using their official UW-Platteville email address (although that account could be compromised as well)
- Report the incident to the ITS Help Desk at helpdesk@uwplatt.edu
For additional information on phishing, check out these campus resources: