You need more than just technology

Spear phishing is targeted phishing.  A user receives the standard email containing a link to a fake web site purporting to be legitimate.  The website has input boxes to entice users into voluntarily giving up personal/corporate information and the added bonus of only sending the emails to users of the legitimate web site.  PhishMe, a provider of training to guard against social engineering such as spear phishing, is featured in a press release/CNBC article with a startling statistic:  A spear phishing test against 100 LinkedIn users revealed 68 “failures” in protecting information, even though most web browsers have anti-phishing protection, and many email clients are screening for phishing-like emails.  One issue is the ability to open email attachments outside the email client or web browser, evading the anti-phishing protection.

While a company such as PhishMe has a vested interest in promoting their services, the results of their research are a warning to IT professionals; user education is key to avoiding malware and other vulnerabilities in our networks.

Tell us about your experiences with phishing in the comments!

Interested in starting a career in IT? Achieve your degree and certifications at Stanbridge College. For more information, visit Stanbridge College IT programs online.