News Analysis

Education can combat spear-phishing attacks

After phishing, the next variant is 'spear-phishing' attacks, according to respected US security research group SANS Institute, which recently organised a briefing for federal and state security managers in the US.

Spear-phishing attacks are similar to regular phishing scams in that they try to lure victims into sharing confidential data or downloading Trojan horse programs. Yet they are far more targeted, and their e-mails are more customised than those used in regular phishing attacks.

User education and training are becoming more effective than e-mail authentication technologies in alleviating the problem, according to the Cambridge, Massachusetts-based Anti-Phishing Working Group.

In a mock phishing scenario conducted between March and May, spoofed e-mails were sent to about 10,000 employees across five state agencies, trying to trick users into surrendering their passwords. More than 75% of the recipients opened the e-mail, 17% followed the link, and 15% attempted to enter their passwords.

However, in an exercise two months later, after users were educated about the technique, only 8% of respondents opened the e-mail.

Makes you wonder what you'd have to do to get that 8% closer to zero.

