Education can combat spear-phishing attacks

News Analysis

After phishing, the next variant is 'spear-phishing' attacks, according to respected US security research group SANS Institute, which recently organised a briefing for federal and state security managers in the US.

Spear-phishing attacks are similar to regular phishing scams in that they try to lure victims into sharing confidential data or downloading Trojan horse programs. Yet they are far more targeted, and their e-mails more customised than regular phishing attacks.

User education and training are becoming more effective than e-mail authentication technologies in alleviating the problem, according to the Cambridge, Massachusetts-based Anti-Phishing Working Group.

In a mock phishing scenario conducted between March and May, spoofed e-mails were sent to about 10,000 employees across five state agencies, trying to trick users into surrendering their passwords. More than 75% of the recipients opened the e-mail, 17% followed the link, and 15% attempted to enter their passwords.

However, in an exercise two months later, after users were educated about the technique, only 8% of respondents opened the e-mail.

Makes you wonder what you'd have to do to get that 8% closer to zero.
