Spear Phishing

Spear Phishing is an email spoofing fraud attempt that targets a specific organization seeking unauthorized access to confidential data.  While spear phishing is similar to a phishing email, the messages are typically more personalized, making it appear that they are from a person or organization that you are familiar with - - a trusted source.  The success of spear phishing hinges on its ability to appear authentic and how logical the request seems to be.  Everyone with an email address is a potential target.  

The Division of Information Technology, (IT) continues to make improvements to security, however, the best defense against these attacks is knowing how to spot and report them.  Through partnership with the vendor PhishMe, the Division of IT launched an awareness program to help employees learn about the dangers of email fraud, specifically, email spear-phishing.  Scenarios are developed collaboratively, and used for educational purposes.     

The program is focused on spear phishing attacks in the work place and sends out simulated phishing emails that mimic real ones.  If you get “reeled in” or “hooked” by a simulated phishing email, a training module will be presented to you, along with tips on how to recognize phishing email attempts and how to avoid becoming a victim in the future.  The tips are applicable to home use to help you protect yourself from identity theft and help you to protect your financial account information.  

To learn more about PhishMe, visit their website at: http:// www.phishme.com/ .