Spear Phishing Typology Detection added to Vade for M365

New in Vade for Microsoft 365, our spear phishing engine now classifies spear phishing emails according to threat typology. This latest update to our spear phishing technology features a combination of Natural Language Processing (NLP) and modified spoofing detection algorithms. Together, they analyze textual content to identify malicious intent and reveal the specific types of spear phishing threats targeting individual businesses. 

Better detection with higher confidence

Spear phishing emails are notoriously difficult to detect. The detection of distinct spear-phishing typologies has increased our global accuracy and confidence. Additionally, our sender spoofing-detection algorithms have been modified to better correlate with end users' communication habits. The detection of clean or similar aliases and domain or email address impersonation are now directly integrated in the final verdict. 

Understanding threat typologies 

Spear phishing and business email compromise typically come in a handful of typologies, each designed to manipulate users into completing a desired action. Vade for Microsoft 365 now classifies spear phishing emails as one of five typologies: 

  • Initial contact: Does not contain any malicious content other than an incentive to reply to the email (“Are you available?”). The main goal is to invite the recipient to answer so that the sending malicious address is recognized as a legitimate address.
  • CEO fraud: Email supposedly coming from the CEO or senior management requesting an urgent money transfer, usually to an unknown RIB. 
  • Tax fraud: Phishing attempt involving the impersonation of executives or HR members in order to steal social security numbers or tax identification numbers. Collected data are generally used for identity theft schemes. 
  • Gift card fraud: Email supposedly coming from an executive requesting a money transfer to purchase gift cards for employees. Confidentiality and discretion are usually implied.  
  • Lawyer fraud: Impersonation of lawyers and law firms. The main goal is to ensure victims will not raise awareness. Confidentiality restrictions are implied.

With a better understanding the specific spear phishing typologies targeting individual clients, MSPs can provide counsel and training. From the Threats Report page in Vade for Microsoft 365, we display a chart displaying the ratio of threat typologies targeting a client.


Setting actions based on spear phishing typology 

From the Spear Phishing Settings page, you can select the action to take for each typology. Options include displaying the spear phishing warning banner, moving the email to a dedicated folder, or deleting the email.

 Spear Phishing Settings_EN-1

Additional Resources

Vade for Microsoft 365 data sheet

Anti-Spear Phishing Solution

Anatomy of a Spear Phishing Email


Spear Phishing: The Targeted Attacks That Aim for Your Business

Learn more