Want us to help you with anything?
Request a Call back

This field is required Only alphabetes are allowed
This field is required Only alphabetes are allowed
Please enter valid number
Please enter valid email
Please select product type
Please enter valid pincode

Thank you for your request.

Your reference number is CRM

Our executive will contact you shortly


Spear Phishing

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data.

Spear phishing is a targeted phishing attempt through an e-mail that appears to come not only from a trusted source, but often from someone in your own company, a superior in many cases, or from a close relative. The subject line address is customised/personalised and often will be one of relevance to either current projects of developments within the company, or may be related to family event. The violation occurs when the user opens the e-mails, clicks on the link attached and then trojans or malware gets downloaded or a form appears on the screen, in which data needs to be filled in by the recipient. This information is confidential and could be useful for accessing and transacting on internal organisation's application.

Spear phishing has success in manipulating users confidential information for 3 reasons:

  • The source appears to the user to be known, trusted and one that the user has frequent correspondence with
  • The verbiage used in the subject reinforces the validity that the source is legitimate
  • The information requested seems to make reasonable sense to the user considering the 'source'

An example of spear phishing would be an e-mail that appears to come from a specified and known network or IT person within your company. It prompts you to login with your employee name and password. Upon doing so, a malware is downloaded. As once the perpetrator has the user name and password of that employee, he/she can then access great amounts of company data using that access or perform transactions.

  • If the message prompts form to disclose your personal confidential information any time STOP. Recheck
  • Do not respond or act without first contacting the 'sender' by telephone and verifying that the e-mail is legitimate
  • Do check the senders e-mail address displayed, whether it perfectly matches with e-mail address used within your company
  • Do check whether the sender associated with the e-mail is indeed from the company
  • Do not open attachments in such e-mails as they might carry virus
  • Do check the website where you might get redirected. The redirected website should belong to your company
  • Do not just delete these e-mails. Report them immediately to your IT dept or your company contacts for computer support

Learn more about safe banking tips through interesting videos

An application to enhance the security of your online account with OTP

Learn about Credit Scores, Nomination, Banking Ombudsman and more.

Read the RBI advisory against Phishing emails sent in its name.