Security News > 2022 > May > Nothing personal: Training employees to identify a spear phishing attack
An increase in employee training and improved general awareness of cybersecurity has forced cybercriminals to change their tactics and take a more personal approach, known as spear phishing.
To stay in front of new phishing attack techniques, it's also essential that employees are equipped with all the knowledge they need to spot a potential phishing attack that goes undetected, including how attack content differs from legitimate emails.
Social media platforms such as LinkedIn can provide a range of information that allows cybercriminals to imitate colleagues and discuss recent company news - all adding to the realism of the spear phishing attempt.
An email-borne spear phishing cyberattack is designed to get the targeted recipient to act in the desired way - whether it's clicking a link, opening an attachment, giving up information in a reply, or performing a business-related action.
Regardless of whether malicious attachments or links are used, social engineering plays a significant role in spear phishing to convincingly fool the user.
One way for organizations to ensure their users can spot a potential phishing attempt is to implement security awareness training.
News URL
https://www.helpnetsecurity.com/2022/05/06/spear-phishing-cyberattack/
Related news
- Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)