Antivirus and Security Software from Sophos


Dealing with Spear Phishing Campaigns

Spear phishing is the use of spoof email messages to persuade people within a company to reveal their usernames, passwords, and, potentially, other personal information.

Criminals who send spear phish messages tend to personalize them by targeting specific domains or organizations. The messages appear to come from another member of staff at the same company, and ask you to confirm a username and password. A common tactic is to pretend to be from a trusted department that might plausibly need such details, such as IT or Human Resources. Sometimes you are redirected to a bogus version of the company website or intranet. When you reply, the phisher takes the details and misuses them.

The spear phisher can easily generate the victims’ addresses by using spammers' software that combines given names and family names, for example. He or she also needs to send messages to only a single domain, which makes it less likely that the message will be detected as spam.

SophosLabs has created a special alias to deal with this type of targeted campaign. Please forward all "Spear Phish" samples of this nature to the following address:

This address is monitored by SophosLabs, and definitions will be quickly created to ensure the campaign is addressed.

Note: All other spam, fraud, and phish samples should still be sent to:

Messages incorrectly detected as spam should be sent to:

Please ensure that all samples are sent as an RFC-2822 attachment. Messages forwarded to the addresses listed above will not receive a reply.

The following link describes how to send an RFC-2822 attachment using several different mail clients.

How to submit a spam sample to SophosLabs
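For scripted submissions, the following added example (not Sophos code) wraps a saved message as a `message/rfc822` attachment with Python's standard `email` package, so the original headers reach the analyst unchanged. The sample message, the sender address and the `SUBMISSION_ADDR` placeholder are constructed for illustration; substitute the real submission address.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: a suspicious message as saved from the mailbox (.eml).
RAW_SAMPLE = (
    b"Return-Path: <bounce@mailer.example.net>\r\n"
    b"Received: from mailer.example.net (mailer.example.net [192.0.2.10])\r\n"
    b"\tby mx.example.com with ESMTP id ABC123; Mon, 01 Jan 2024 09:00:00 +0000\r\n"
    b"From: \"IT Helpdesk\" <it-support@example.com>\r\n"
    b"To: alice@example.com\r\n"
    b"Subject: Please confirm your username and password\r\n"
    b"Date: Mon, 01 Jan 2024 09:00:00 +0000\r\n"
    b"Message-ID: <constructed-1@mailer.example.net>\r\n"
    b"\r\n"
    b"Reply with your username and password to keep your account active.\r\n"
)

# Placeholder, not a real address: use the submission alias for your sample type.
SUBMISSION_ADDR = "submission-address@placeholder.invalid"


def wrap_sample(raw, sender, to=SUBMISSION_ADDR):
    """Build an outer message that carries `raw` as a message/rfc822 attachment."""
    original = message_from_bytes(raw, policy=policy.SMTP)
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"] = sender
    outer["To"] = to
    outer["Subject"] = "Spear phish sample"
    outer.set_content("Sample attached as message/rfc822.")
    # Passing a Message object makes the part message/rfc822, so the
    # Received, Return-Path and Message-ID headers travel with the sample.
    outer.add_attachment(original)
    return outer


def extract_original(wire):
    """Parse the serialized submission and return the attached original message."""
    outer = message_from_bytes(wire, policy=policy.SMTP)
    for part in outer.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None


if __name__ == "__main__":
    wire = wrap_sample(RAW_SAMPLE, "analyst@example.com").as_bytes()
    inner = extract_original(wire)
    print(inner["Return-Path"], inner.get_all("Received"))
```

An inline forward rewrites the message and drops the routing headers; checking the result with `extract_original` before sending confirms they are still present.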

If you need more information or guidance, then please contact technical support.