Awareness education is key to teaching how to identify the emotional triggers in a spear phishing email.
FORBES: As Neighborhood Watch For The Web, Google Now Flags Nearly 10,000 Dangerous Sites Daily
That said, spear phishing is often painfully easy when the right approach is made to the right person.
Spear phishing is a cyber attack that uses disguised emails that seek to convince recipients of a specific organization to provide confidential information.
Social engineering and the related spear phishing, which uses personal information from social networks for targeting, will remain an important security threat to business in 2012 and an even larger threat to consumers.
FORBES: Top 12 Security Risks For 2012, Is Your Company Ready?
This action follows a February attempt to exploit my name and my book as part of a spear phishing attack launched at .mil and .gov email accounts (see here and here), but this is not a new focus area for me or for my GreyLogic colleagues.
FORBES: ZeuS Criminals Run A "Poisoning The Well" Attack Against IntelFusion And GreyLogic
"Spear-phishing" typically works by sending fake e-mails that look like legitimate correspondence, but which link to a malicious website or file attachment.
The most common threat was a technique known as spear-phishing, which can corrupt a company's computer system by uploading malicious attachments and gaining access to sensitive information.
Recent attacks that have hit Apple, Facebook and other high-profile companies often bear similar hallmarks of infiltrating a system via employee computers, and with a straightforward spear-phishing campaign.
The rise of social networks, for example, has aided an increasingly common kind of attack known as spear-phishing, says Greg Bell, global service leader for KPMG's information protection practice.
Much of the campaign involved sending spear-phishing emails, where an unsuspecting target would click on a link, activating a program that would then run quietly in the background of their computer network.
FORBES: China Thought To Be Behind Global Cyber-Espionage Campaign That Hit UN, Olympic Committee
Many highly publicized attacks have been based on a tactic called "spear-phishing," where email users are tricked into opening a legitimate-sounding message that contains code called malware that lets attackers penetrate corporate networks.
They have not been able to establish how exactly the hackers broke into the system, but believe it may have been through a so-called spear-phishing attack, where an employee clicked on an email or link containing malicious code.
The new breed of spear-phishing emails appear to be sent by a close friend or family member, address the victim by name in the subject line or body of the message, and include a link to a website controlled by spammers.
FORBES: Facebook Says 'Misconfiguration' Allowed Spammers To Impersonate Users