Spear phishing differs from phishing emails that are traditionally sent to large numbers of recipients.  Spear phishing emails include specific information related to or of interest to the recipient in an effort to convince targeted individuals to open an attachment, click on a link, or provide account information.

 

What makes spear phishing so dangerous?

Those who send spear phishing emails pick specific targets to make sure their attacks succeed.  More than 90% of all spear phishing emails use display name spoofing to hide the actual sender.  For example, an attacker may make their email appear to come from a UCF executive. The message will most likely address the target by name and contain a premise that's believable and relatable to the target.

 

What can I do to protect myself from spear phishing?

• Be suspicious of any unexpected email that requests action on your part - clicking on a link, opening a file, providing account credentials, or revealing other sensitive information.
• Only open attachments that you requested from senders you know.
• Be aware that the sender's email address may not be genuine.
• Never open files attached to unexpected emails without validating and verifying with the sender.
• Never provide or request personal or Highly Restricted data via email. Highly Restricted data requires encryption at all times.

 

If you believe you've received a phishing email, forward it as an attachment to sirt@ucf.edu and infosec@ucf.edu

 

The Information Security Office is here to support you with cyber security issues.  If you have any questions, please feel free to e-mail infosec@ucf.edu