Spear Phishing on the Rise

A more personalized, sophisticated, and invasive form of phishing is on the rise: Spear phishing. Spear phishing is a social engineering tactic used to steal sensitive information from a specific person or group by tailoring the message. For example, an attacker could pretend to be an IT staff member from your college to trick you into revealing your GatorLink credentials.   

While regular phishing attempts try to scam as many people as possible through generally deceptive language, the personalization of spear phishing attacks makes them more effective and more dangerous. Barracuda‘s 2023 Phishing Trends Report found that spear phishing emails make up less than 0.1% of all emails sent yet cause 66% of all breaches.

There are several signs to look for if you think you have received a spear phishing email in your GatorMail. Is the email address domain from a legitimate organization? If the email appears to have come from a UF email address, utilize the UF directory to confirm the sender’s contact information. Also, hover your cursor over any links in the email and review the URL before clicking on it. Be wary of overly friendly language or strange use of slang, imperfect sayings or misuse of English. Cybercriminals frequently use language that indicates urgency (like “ASAP” or “URGENT!”) in spear phishing attempts.

If you get a spear phishing message in your GatorMail, immediately send it to the Information Security Office using the phish alert button. If you’ve fallen victim to a spear phishing message and unwittingly provided your UF username and password (i.e., your GatorLink credentials) to a scammer, then contact the UFIT Help Desk at once (352-392-HELP/4357). When you report that your account has been compromised, staff will help you change your password and do everything they can to minimize the impacts of the account compromise.