Security News > 2022 > May > Nothing personal: Training employees to identify a spear phishing attack
An increase in employee training and improved general awareness of cybersecurity has forced cybercriminals to change their tactics and take a more personal approach, known as spear phishing.
To stay in front of new phishing attack techniques, it's also essential that employees are equipped with all the knowledge they need to spot a potential phishing attack that goes undetected, including how attack content differs from legitimate emails.
Social media platforms such as LinkedIn can provide a range of information that allows cybercriminals to imitate colleagues and discuss recent company news - all adding to the realism of the spear phishing attempt.
An email-borne spear phishing cyberattack is designed to get the targeted recipient to act in the desired way - whether it's clicking a link, opening an attachment, giving up information in a reply, or performing a business-related action.
Regardless of whether malicious attachments or links are used, social engineering plays a significant role in spear phishing to convincingly fool the user.
One way for organizations to ensure their users can spot a potential phishing attempt is to implement security awareness training.
News URL
https://www.helpnetsecurity.com/2022/05/06/spear-phishing-cyberattack/
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)