There are a variety of ways in which perpetrators can attack companies and get access to sensitive and confidential information. One of the most common types of attacks is the spear phishing attack. A phishing attack is defined as the practice of sending emails that appear to be from a trusted source with the goal of gaining personal information or influencing users to do something. Spear phishing is a targeted form of phishing activity whereby attackers conduct research into their targets and create messages that are personal and relevant. A phishing attack is also classified as a type of social engineering attack. Social engineering relies heavily on human interaction and involves manipulating people into breaking normal security procedures and best practices for financial gain or in order to gain access to systems, networks or physical locations.
If your department has audited phishing risks and controls consider sharing your program for a free AuditNet subscription.
All materials contained on this site are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, broadcast, performed nor used to prepare derivative works, without the prior written permission of AuditNet®. You may not alter or remove any trademark, copyright, logo or other notice from copies of the content. For further information, see section 1 of the Terms and Conditions and section 2 of the Subscriber Access Agreement.