Spear phishing is the use of cleverly crafted and targeted emails or social media messages designed to trick the user into performing an action such as clicking on a link or opening a file.
How does it work?
Attackers will send an email that is engineered to look legitimate and from a
trusted source. This email is designed to entice the user to open a file that contains a malware infection, or click on a link that will drive the user to a website.
Should I be worried?
Yes. Spear phishing is the leading source of successful infection found in the wild today. The technique's success ensures it will continue.
How can I prevent it?
Train your users to make them aware of the threat. Use cloud-based security tools to ensure users do not receive these targeted messages. Use multi-factor authentication to boost password security. Have a plan in place depicting what steps should be taken, should a user fall victim to an attack.
– Mark Parker, senior product manager, iSheriff