Dealing with Spear Phishing Campaigns
Spear phishing
Spear phishing is the use of spoof emails to persuade people within a company to reveal their usernames, passwords, and potentially other personal information.
Criminals that spam spear phish messages tend to personalize the message to a specific domain or organization. The emails appear to come from another member of staff at the same company and ask you to confirm a username and password. A common tactic is to pretend to be from a trusted department that might plausibly need such details, such as IT or Human Resources. Sometimes you are redirected to a bogus version of the company website or intranet. When you reply, the phisher takes the details and misuses them.
The spear phisher can easily generate the victims’ addresses by using spammers' software that combines given names and family names, for example. He or she also needs to send emails to only a single domain, which makes it less likely that the email will be detected as spam.
SophosLabs has created a special alias to deal with this type of targeted campaign. Please forward all "Spear Phish" samples of this nature to the following address:
This address is monitored by SophosLabs and definitions will be quickly created to ensure the campaign is addressed.
Note: All other spam, fraud, and phish samples should still be sent to:
Please ensure that all samples are sent as an RFC-2822 attachment.
The following link contains a description on how to send an RFC-2822 attachment using several different mail clients.
How to submit a spam sample to SophosLabs
If you need more information or guidance, then please contact technical support.
- Article ID: 37179
- Created: 15 Apr 2008
- Last updated: 24 Oct 2008
