What is Spear Phishing and Anti Phishing Techniques To Prevent It

Phishing comes in many different forms, but spear phishing is arguably the most dangerous type of phishing attack and the most difficult to detect.

Traditional phishing attacks tend to take a scattergun approach: they often impersonate a trusted company and target masses of people at the same time. In contrast, spear phishing is highly personalised and targeted.

A lot of thought and research will go into the careful crafting of a spear phishing attack. Attackers will try and obtain as much personal information as they can about their victim to make any emails seem as authentic as possible.

In order to create a sense of familiarity, spear phishers will often trawl social media sites and search engines to build a better picture of their victim. Once they have obtained all the information they need, the attackers will try and impersonate a trusted friend or colleague, then attempt to acquire sensitive information through an email.

An example of this could be an unsuspecting employee receiving an email from HR informing them about a new pension scheme the company is implementing. They click on the attachment, and without even realising it they have unleashed a virus that could potentially bring the company to its knees.

This may sound far-fetched, but this is exactly the type of spear phishing attack that companies all around the world are being subjected to on a daily basis.

According to the latest edition of Symantec’s Internet Security Threat Report, spear phishing emails emerged as the most widely used attack method, employed by 71% of criminal cybercrime groups around the world.

Spear phishing has the potential to net massive profits for cybercriminals. In June 2015, technology company Ubiquiti Networks lost more than $40 million in a targeted spear phishing attack, and over the last five years, the Carbanak cybercrime group has managed to steal over $1 billion from banks around the world by introducing malware through a spear phishing email.

The hard work spent researching potential targets is worth it if the crooks can manage to net the profits they are currently making. Spear phishing attacks are extremely difficult to detect and require an increasing amount of vigilance from staff to ensure they don’t fall victim.

Anti Phishing Techniques To Prevent Spear Phishing Attacks

Don’t overshare on Social Media

The massive growth in social media has made it so much easier for a spear phisher to profile their victim and glean lots of personal information that can be used in an attack. From a simple scan online, the crooks may be able to find out your job title, where you work, your email address, events you’ve attended and lots of other valuable information that can be used to make their scam seem as convincing as possible. You should regularly check and adjust your privacy settings to restrict what people can and can’t see on your social media profiles.

Question any Requests for Confidential Information

If you receive a request from a colleague to email over confidential information, do not automatically comply with the request. A common tactic used by spear phishers is to source a list of senior executives at a company and then send emails impersonating those executives to trick staff into revealing sensitive information. If you receive an email out of the blue asking for information such as passwords, corporate banking information or sensitive files, you should always question the request, no matter who it’s from, and check with the sender personally to confirm it’s legitimate.

Don’t click on links within emails

Spear phishing attacks will always have a convincing hook to entice the user to click on the link, and if the email comes from a trusted source, it will seem even more credible. Always stop and think before making a hasty decision. Hover your mouse over the link to see the destination URL, and if something doesn’t seem right, don’t click.

Use Smart Passwords

Sophisticated hackers will guess passwords and use specialist software to test thousands of possible username and password combinations. To reduce their chance of being successful, it’s vital to use complex passwords. One of the best ways to do this is to create a passphrase that is unique to you. Passphrases are longer, more complex and easier to remember than traditional passwords. A passphrase is a combination of words, letters, numbers, spaces and punctuation marks. The first letter of each word will form the basis of your password, and letters can be substituted with symbols and numbers to make it harder to crack.

Regular Cyber Security Training

To ensure that organisations are protected from targeted spear phishing attacks, it’s vital that staff receive regular Cyber Security Awareness training. Spear phishing attacks tend to be much more difficult to detect than a regular phishing attack. To ensure that staff are equipped to deal with these evolving threats, they should receive regular training on how to identify an attack and become familiar with the different methods that may be used to manipulate them into disclosing sensitive information.

Update Software Regularly

Security researchers are continually updating their anti-virus and security software to match the most recent attacks and patch any vulnerabilities that have been detected. These vulnerabilities are often exploited by hackers as a means to steal sensitive data, lock users out, or demand a ransom. Regular software updates will ensure that you have the most up-to-date versions released by the manufacturer, thereby reducing your chance of attack.

Use Multifactor Authentication

Adding an extra layer of authentication will make it much more difficult for an attacker to access sensitive company data. Multi-factor authentication is used to verify a user’s identity when they are accessing an application. In addition to a password, multi-factor authentication requires a second or third piece of information to confirm the user’s identity. This makes it much harder for a spear phisher to compromise an account and gain access to sensitive information.

For further information on phishing and the different forms it takes, check out our Ultimate Guide to Phishing. Despite the increasing sophistication of phishing attacks, there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combating cyber-crime. Get in touch for further information on how we can help your business.