Spear phishing is targeted phishing. A user receives the standard email containing a link to a fake web site purporting to be legitimate. The website has input boxes to entice users into voluntarily giving up personal/corporate information and the added bonus of only sending the emails to users of the legitimate web site. PhishMe, a provider of training to guard against social engineering such as spear phishing, is featured in a press release/CNBC article with a startling statistic: A spear phishing test against 100 LinkedIn users revealed 68 “failures” in protecting information, even though most web browsers have anti-phishing protection, and many email clients are screening for phishing-like emails. One issue is the ability to open email attachments outside the email client or web browser, evading the anti-phishing protection.
While a company such as PhishMe has a vested interest in promoting their services, the results of their research are a warning to IT professionals; user education is key to avoiding malware and other vulnerabilities in our networks.
Tell us about your experiences with phishing in the comments!
Interested in starting a career in IT? Achieve your degree and certifications at Stanbridge College. For more information, visit Stanbridge College IT programs online.