Spear phish emails:
- specifically target an organisation
- usually claim to be from local IT support staff
- ask people to reconfirm login details, including passwords
- have a reply address which appears local, but the originator of the attack is located remotely
- might ask you to visit a website via a link
- may have basic language errors.
You can recognise an email as a spear phishing attempt because:
- University IT administrative/support staff will never ask for your password, or personal or confidential information
- some of the sender information will look unusual (although you might not notice this immediately).
Report any spear phish emails you receive to ITS by email on firstname.lastname@example.org or calling 64 3 479 8888 or 0800 479 888.
Send ITS an original copy of the email containing full header information. The header is located at the top of an email and includes the tracking information of the path an email took as it crossed mail servers.