
MS-ISAC Security Primer – Spear Phishing


Spear phishing occurs when cyber threat actors send a targeted electronic communication to an individual or a small group of users, while masquerading as legitimate entities, in an attempt to gain unauthorized access to private, sensitive, or restricted content. Spear phishing emails are designed to socially engineer a response from the recipient. Through the response, recipients may unwittingly divulge information or click on a link that leads to a fraudulent website designed to harvest information, such as login credentials. Once collected by the cyber threat actor, the victim’s information or login credentials may be used to further compromise systems and networks. Often, spear phishing attempts impose artificial time constraints to create a sense of urgency that clouds a victim’s initial judgment.

Other types of phishing include:

  • Smishing (“SMS Phishing”) involves a user opening a malicious SMS or text message on a mobile device.
  • Vishing involves a cyber threat actor attempting to gather information over Voice over IP (VoIP) phones.
  • Whaling is a spear phishing attempt directed towards a senior executive or other high-profile target.

Technical Recommendations

  • Flag emails from external sources with a warning banner.
  • Implement filters at the email gateway to sift out emails with known phishing indicators, such as known malicious subject lines, and to block suspicious links.
  • Adhere to the Principle of Least Privilege. If a user has no need for administrative access in order to carry out their daily activities, they should not have an administrative account. This minimizes the damage that malicious activity carried out under the user’s credentials can cause.
  • Implement Domain-based Message Authentication, Reporting, & Conformance (DMARC), a validation system that minimizes spam by detecting email spoofing through Domain Name System (DNS) records and digital signatures.
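As an added illustration of the gateway controls above (not MS-ISAC code), the following script scores one message against three of the indicators the primer names: an external sender (the banner trigger), a known-suspicious subject line, and a link whose visible text looks like a URL but whose real destination differs, which is the same thing a user sees when hovering over a link. The internal domain, the subject keywords and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

INTERNAL_DOMAIN = "example.org"   # assumption: the organisation's own mail domain
SUSPICIOUS_SUBJECTS = ("urgent", "password", "action required", "verify your account")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) per <a> so the true target can be compared with what is shown."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host_of(url):
    # Hostname of an http(s) URL, or '' when the string is not a URL at all.
    m = re.match(r"https?://([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def triage(raw):
    """Map gateway indicators to True/False for one single-part text/html message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "").lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", errors="replace"))
    # Link text that looks like a URL but whose href points at a different host.
    mismatched = [h for h, t in collector.links if host_of(t) and host_of(t) != host_of(h)]
    return {
        "external_sender": not sender.endswith("@" + INTERNAL_DOMAIN),   # -> warning banner
        "suspicious_subject": any(k in subject for k in SUSPICIOUS_SUBJECTS),
        "link_text_mismatch": bool(mismatched),
    }

# Constructed sample (not real traffic): the visible text is the internal portal, the href is not.
PHISH = """From: "IT Help Desk" <helpdesk@example.net>
Subject: URGENT: password reset required within 24 hours
Content-Type: text/html; charset=utf-8

<p>Click <a href="http://login.example.net/reset">https://portal.example.org</a> now.</p>
"""
```

A gateway would prepend the external-sender banner on the first indicator and quarantine or strip links on the others; the keyword list stands in for whatever indicator feed the organisation maintains.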

Organizational Recommendations

  • Provide social engineering and phishing training to employees. Urge them not to open suspicious emails, not to click links contained in such emails, not to post sensitive information online, and never to provide usernames, passwords, or personal information in response to an unsolicited request.
  • Conduct organized phishing exercises to test and reinforce the concepts using services such as those provided by CIS.
  • Implement a standardized protocol for reporting phishing attempts to the Information Technology (IT) department.

User Recommendations

  • Do not open suspicious emails or click on unknown links. The easiest way to check a link is by hovering over it with your mouse. This allows the true destination of the link to appear in the bottom left corner of your browser window or next to your mouse pointer in Microsoft Outlook.
  • Never reveal personal or financial information in response to an email. Legitimate organizations will never ask for this information in an unsolicited email.
  • If the message appears to be a phishing email, do not respond. Report it to the IT department immediately and await further instruction.

The MS-ISAC is the focal point for cyber threat prevention, protection, response, and recovery for the nation’s state, local, tribal, and territorial (SLTT) governments. More information about this topic, as well as 24/7 cybersecurity assistance for SLTT governments, is available at 866-787-4722, [email protected], or https://msisac.cisecurity.org/.