ASSP chapters and regions are seeing an increase in spear-phishing attacks and these scams are becoming more sophisticated. Every e-mail user must be vigilant to protect your chapter from spear-phishing attacks.
Spear-phishing messages are targeted messages that appear to come from a trusted source, likely someone you (the target) know personally and often someone in a position of authority.
In a recent case, a member of a chapter’s executive committee received an official-looking e-mail from another executive committee member asking for a money transfer to pay a vendor. The signature in the body of the message included the “sender’s” actual email address.
If a colleague or friend contact you and asks for a money transfer, password or other information, please verify that the e-mail address in the from field of the message (not just the body of the message) matches the one the sender usually uses to contact you. Call or send a separate email to the person to verify if that person actually contacted you.