What is it?
Spear phishing is the use of cleverly crafted and targeted emails or social media messages designed to trick the user into performing an action such as clicking on a link or opening a file.
How does it work?
Attackers will send an email that is engineered to look legitimate and from a trusted source. This email will be designed to entice the user to open a file that contains a malware infection, or click on a link that will drive the user to a website. This website may be infected with malware, or will ask the user to login using their credentials.
Should I be worried?
Yes. Spear phishing is the leading source of successful infection found in the wild today. The technique's success ensures it will continue.
How can I prevent it?
1. Train your users. Make your users aware of the threat. Teach them to never visit a site via an email link. Always type the URL address of the web page home directly.
2. Use cloud-based security tools. Cloud-based email, web filtering and endpoint protection can allow you to ensure that the user does not receive these targeted messages. If they do, web filtering and endpoint protection can help to block the threat from being successful.
3. Use multi-factor authentication. Many sites now offer multi-factor authentication. Enable this useful feature for all accounts where it is available to provide a huge boost to the password security.
4. Have a plan in place. Analyze the different scenarios that could occur in relation to this and have a plan for what steps should be taken, should a user fall victim to an attack.