A Networkworld article on ‘CEO Fraud Prevention’ notes that Spear Phishing is a much more focused form of phishing because the cybercriminal is familiar with the user or groups. Either from having studied up on the group or has gleaned data from social media sites to con users. From the gleaned data, the cybercriminal personalizes the email to attention the email to a person’s name.
Simple effective Spear Phishing Prevention Checklist
1. Identify and change or remove email addresses that may be obtained in the public domain
2. Filter email traffic to your institution
3. Manage access and permission levels
4. Update all IT and especially security systems
5. Create traffic whitelists and blacklists and adhere to by updating them regularly.