University of Southern Indiana

Phishing Tip #4

Beware of Whale/Spear Phishing

Most Phishing attempts, the cybercriminal casts a wide net (sends their email to many recipients), and hopes a decent number of recipients will fall for the scam.  Whale Phishing is when the cyber-criminal, targets a smaller population - but puts more effort into the email what and to whom he is mailing.  The criminal will research the university/corporation and target those who work in financial areas.  Many times the phishing message will appear to come from the President/CEO.

Example:

From: Spoofed President's email address
Subject: Remit
Date 8/10/2017

Hi xxxx,

Are you at your desk? Write me when you are.

Thanks,

Sent from my Verizon 4G LTE Tablet


From:
Subject: Engagement Feedback
Date: 7/13/2017

Dear Mark,

We are conducting this survey to get a better understanding of employee morale, satisfaction, and engagement. Your opinions are important to us, and this survey is your chance to express those opinions. Kindly provide answer to <Link here> which will take about 3-5 minutes for you to complete and your responses are confidential.


Thank you for your opinion.

<used signature of a USI employee>

Contact Information Technology

×

Send Email to

×