Remember the movie ‘Castaway’ starring Tom Hanks about how a man becomes stranded on an island and has to relearn some of the most basic survival skills such as making firing, building shelter, improvising clothes and footwear, doctoring and most importantly finding food?

At the beginning of the island scenes the castaway tries casting a fishnet in the hopes of catching fish but is able to only catch a few small sardines. The movie then fast forwards and we find that the castaway has evolved his food hunting skills and is now able to catch a much larger fish using a single throw of a spear.

In the email security world this is very much like what has happened with regard to email phishing attempts on large organizations. In the beginning, these attacks were similar to the casting of a wide net, a mass email distribution to as many individuals in the organization as possible in the hopes of catching a small percentage of recipients thus gaining access to private yet valuable information that was later used to cash in on the unsuspecting recipients.

Just as our novice fisherman in the movie was able to evolve and learn new skills which allowed him to catch a bigger fish in a lesser amount of time and energy so has our phishing community also evolved to catch a bigger fish in a shorter amount of time and with more accuracy within a large organization using targeted attacks now known as “spear phishing”.

Traditional phishing tactics involved the use of fraudulent emails and fake web sites which were set up to enlist the details of your identity – name, address and credit card numbers – in the hopes of running your credit cards up to their limits. Spear phishing is a more targeted approach and includes emails sent to specific groups of individuals who meet specific criteria such as high ranking members of an organization.

Continue reading 5 Tips on how not to become a Spear Phishing Victim