Spear phishing is a tactic used by cyber criminals whereby they attempt to attack a specific individual as a conduit into the organization. The purpose of the attack is the same as with any phishing email, to gain access to login or confidential information or to deliver malware, but in this instance the attack is targeted.
Recent high profile data breaches such as JP Morgan, Siemens and Target are all attributed to spear phishing attacks. In some cases the targets have been smaller, playing on the fact that smaller companies may not have the same security infrastructure or employee awareness level to combat an attack. Whatever size your organization is, be aware that it and you may be a target.
As an employee it’s important to be vigilant when receiving emails that require you to take specific actions. Looking for unusual language and vocabulary or misspelled words will help prevent the organization from becoming the next victim of a cyber criminal. If you are in doubt about the authenticity of an email or a request, contact your IT security team and ask for their assistance in order to be better prepared and educated on how to spot a spear phishing attack.