Spear Phishing is one of the most challenging cyber-attacks that can be stopped completely. The attacker will use any available information about the victim and combine it with the social-engineering techniques; in other words, the attackers know about you; therefore, Spear Phishing is no different to Telephone Scamming.
Spear Phishing relies heavily on human interaction and often tricks people into breaking normal security procedures. It is important to train staff to:
- Immediately be wary of emails requesting something out of the ordinary, even if the email appears to originate from a known colleague.
- Be particularly wary of wire fund transfer requests, especially if they ask you to transfer money into foreign bank accounts.
- Always call the person in question to clarify their request – but avoid using the number in the email’s signature, as this is likely to have been forged using the cyber-criminals details.
Investing in a premium email filtering solution and a next-generation firewall could also increase the effectiveness of identifying and blocking a range of spear-phishing emails before they get into the inbox.