Spear phishing is one of the most challenging cyberattacks and can be stopped completely. The attacker uses any available information about the victim and combines it with social-engineering techniques. In other words, the attackers know about you, which makes spear phishing no different from telephone scamming.
Spear phishing relies heavily on human interaction and often tricks people into breaking normal security procedures. It is important to train staff to:
- Immediately be wary of emails requesting something unusual, even if the email appears to originate from a known colleague.
- Be particularly wary of wire fund transfer requests, especially if they ask you to transfer money into foreign bank accounts.
- Always call the person in question to clarify their request—but avoid using the number in the email’s signature, as this is likely to have been forged using the cybercriminals’ details.
Investing in a premium email filtering solution and a next-generation firewall could also increase the effectiveness of identifying and blocking a range of spear-phishing emails before they get into the inbox.