The net-security website reported: "PhishMe predicts that phishers will be changing their tactics in 2013 resorting to targeted spear phishing emails rather than the mass mails of the past. Spear phishing is an incredibly popular tool for criminals targeting specific individuals or companies by masquerading as a trustworthy, legitimate electronic communication but with a sinister intention.
They dont send out thousands or millions of mails any more, instead they pick a handful of individuals inside the companies they want to infiltrate, and then they very carefully research them and tailor the message so that it is
relevant to the recipient, or uses emotions such as fear, greed or curiosity, to get the recipient to react either by clicking a link, opening an attachment or providing personal information.
That action can then let the hacker gain access to the corporate network in order to acquire sensitive information such as usernames, passwords and R&D; information etc. Spear phishing attacks are performed by humans, against humans. For that reason, while software solutions exist, relying on technology alone is not enough. Instead, companies need to employ a holistic approach - antivirus and filters that will remove more basic, generic attacks, combined with immersive education that measures and changes behavior so that end users become sensitive to warning signs, and understand the correct process they need to report suspicious emails. More at net-security.
They dont send out thousands or millions of mails any more, instead they pick a handful of individuals inside the companies they want to infiltrate, and then they very carefully research them and tailor the message so that it is
relevant to the recipient, or uses emotions such as fear, greed or curiosity, to get the recipient to react either by clicking a link, opening an attachment or providing personal information.
That action can then let the hacker gain access to the corporate network in order to acquire sensitive information such as usernames, passwords and R&D; information etc. Spear phishing attacks are performed by humans, against humans. For that reason, while software solutions exist, relying on technology alone is not enough. Instead, companies need to employ a holistic approach - antivirus and filters that will remove more basic, generic attacks, combined with immersive education that measures and changes behavior so that end users become sensitive to warning signs, and understand the correct process they need to report suspicious emails. More at net-security.
