“Spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.”
Gone are the days when the only phishing threats were from poorly spelled emails asking you to claim Clubcard points. With the cybercrime-as-a-service (CaaS) industry estimated to be worth in the billions each year, cyber criminals are becoming increasingly organised in the way they implement their attacks. Instead of sending out random emails and hoping for the best, spear-phishing involves researching a particular organisation, probing for weaknesses, then sending highly targeted, personal phishing emails. These emails may appear as if they come from your CEO, or IT manager, or even the colleague that sits next to you. It is estimated that over 90% of successful data breaches by cyber criminals started with a spear-phishing attack. The best means of prevention is to implement an ongoing cyber security awareness program, as trained staff can detect and block spear phishing attacks before it’s too late.