Spear Phishing


Spear phishing seems to be a never-ending threat. In fact, a new variant is making its way through the Institute. It differs from earlier versions in the subject and content of the first message you receive.

This new message typically has a subject similar to “Send me your available cell phone number.” This time there is no text in the first email. If you reply with your number, the person responds with how busy they are, that they would prefer to call you, but that they can’t call right now and need you to help with something. If you reply saying you can help, you will be asked to purchase gift cards and email the card number and code from each one, with the promise that you will be reimbursed.

As always, here are the key things to remember:

  • Spear phishing attacks are targeted attacks.
  • A hacker will trawl departmental websites to find who is in charge.
  • The hacker will also look at the list of employees so they know who to target.
  • The hacker then looks at the departmental and employees’ social media sites.
  • The hacker will blind copy (bcc:) employees so that the recipient thinks they are the only person being contacted.
  • The message seems urgent and the “supervisor” wants you to respond via email only or possibly give your cell phone number so they can text you. (If they text you, they will spoof the phone number!)
  • The “supervisor” may mention that they are in a meeting or unavailable for a phone call.
  • The content may vary, but is usually very brief and will ask if you are available; or it may say they need you to take care of something and to email back if you are available.
  • If the hacker is questioned, they (pretending to be your boss!) will answer with personal details taken from social media sites or the departmental website (e.g., the hacker may ask you about the project you are working on, which is written about on the departmental site).
  • Even if you do not use social media, you can bet someone, somewhere has innocently posted something about you that can be saved and used by the hacker (e.g., on the departmental site or a social media site).
  • You will notice that there is no request to click a link, because this kind of spear phishing is not about malware or viruses.
  • This spear phishing is about the hacker getting free money, not compromising your computer. The original message truly looks like it is from your supervisor’s UT email address, but the From address is being spoofed.
  • If you do click on “Reply,” you will notice that the reply-to address changes to .
  • If you do reply, your next message will almost certainly ask you to go buy certain gift cards in specific denominations, typically totaling around $1,000.
  • Never, ever make the requested purchase of gift cards!
  • Please know that your supervisor will not send you an email asking you to buy some gift cards and then ask you to email them the codes.
  • If you see this, close the message and delete.
  • You may also contact the CISO and/or forward the email with its Internet Headers using these Reporting Phishing Attempts instructions.
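The two technical tells above, a spoofed From address whose Reply-To points somewhere else and a brief lure about phone numbers or gift cards, can be checked mechanically once you have the message with its Internet headers. The following is an added example, not code from the original post or from the Institute's security office. The three messages, the names and the domains (example.edu standing in for the institutional domain) are constructed for illustration, and the phrase list and scoring rule are assumptions a real mail filter would tune.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not from the original post). Addresses and
# domains are placeholders; example.edu stands in for the institution's domain.
# First message of the variant: spoofed From, off-domain Reply-To, empty body.
SAMPLE_SPOOFED = """\
From: Jane Supervisor <jane.supervisor@example.edu>
Reply-To: Jane Supervisor <jane.supervisor.office@example-mail.net>
To: staff.member@example.edu
Subject: Send me your available cell phone number
Date: Mon, 01 Jan 2024 09:00:00 -0500
Content-Type: text/plain; charset="utf-8"

"""

# Follow-up once the target has replied: the gift-card ask.
SAMPLE_FOLLOWUP = """\
From: Jane Supervisor <jane.supervisor@example.edu>
Reply-To: jane.supervisor.office@example-mail.net
To: staff.member@example.edu
Subject: Re: Send me your available cell phone number
Content-Type: text/plain; charset="utf-8"

I'm tied up in a meeting and can't call right now. I need you to pick up
some gift cards for me; send me the card number and code from each one
and you will be reimbursed.
"""

# An ordinary message from the same supervisor, for comparison.
SAMPLE_LEGIT = """\
From: Jane Supervisor <jane.supervisor@example.edu>
To: staff.member@example.edu
Subject: Agenda for Thursday
Content-Type: text/plain; charset="utf-8"

Please review the attached agenda before the meeting on Thursday.
"""

# Phrases drawn from the lure described in the post (assumed list; tune locally).
LURE_PHRASES = (
    "cell phone number",
    "are you available",
    "gift card",
    "can't call",
    "reimburse",
    "card number and code",
)


def _domain(header_value):
    """Return the lower-cased domain of the first address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def analyze(raw):
    """Return a list of textual findings for one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Tell #1 from the post: the displayed From is the supervisor's address,
    # but replies are silently routed to a different domain via Reply-To.
    from_dom = _domain(msg["From"])
    reply_to = msg["Reply-To"]
    if reply_to:
        reply_dom = _domain(reply_to)
        if reply_dom != from_dom:
            findings.append(
                f"reply-to-mismatch: From is @{from_dom} but Reply-To is @{reply_dom}")

    # Tell #2: the brief lure wording in subject or body.
    subject = (msg["Subject"] or "").lower()
    body = "" if msg.is_multipart() else (msg.get_payload() or "")
    hits = [p for p in LURE_PHRASES if p in subject or p in body.lower()]
    if hits:
        findings.append("lure-phrases: " + ", ".join(hits))

    # Tell #3: the opening message of this variant has no text at all.
    if not body.strip() and "phone number" in subject:
        findings.append("empty-body-with-phone-number-subject")

    return findings


def is_suspicious(raw):
    """A Reply-To domain mismatch alone is enough; otherwise require two findings."""
    findings = analyze(raw)
    return any(f.startswith("reply-to-mismatch") for f in findings) or len(findings) >= 2


if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_SPOOFED),
                      ("followup", SAMPLE_FOLLOWUP),
                      ("legit", SAMPLE_LEGIT)):
        print(name, is_suspicious(raw), analyze(raw))
```

The Reply-To mismatch is the signal worth acting on; phrase matches on their own will produce false positives on ordinary departmental mail, which is why the scoring rule above requires two of them. A production filter would also consult the message's authentication results (SPF, DKIM and DMARC), which this example does not do because the post only discusses the visible headers.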