Watch out for Spear Phishing!

Spear phishing is a type of scam where the person contacting you tries to impersonate someone you know, or a company you do business with. The initial contact, usually an email, may seem harmless because there are no attachments or links. The message simply wants you to reply. If you reply, the original sender will ask you for urgent help, and that request will eventually involve sensitive information or account credentials.

A common example is an email that appears to come from a coworker or supervisor, but it's coming from a non-WWU email address. The email usually says that they are offsite and can't get to a phone. They will say that they are contacting you from their personal email because they can't access their work email for some reason. They will also tell you that they need to access their work email urgently, and will ask you to assist them. They may ask for other sensitive information as well. 

Another common spear phishing example is a phone call or email that appears to come from a company you do business with. They will tell you that there is an urgent problem that needs to be resolved by providing your account information, personal details like your date of birth, and perhaps even your password. 

A sense of urgency

These scams usually sound urgent and try to get you to act quickly, before you have time to think things through or follow up with the actual person they are trying to impersonate. 

Here is a spear phishing example that targeted Western employees in multiple departments. The message appeared to come from the head of the department, and was sent only to individuals who work in that department. The original message asked only, "Are you there?" After the employee replied, the original sender sent this follow-up:

Spear phishing example from July, 2017, Subject: Office