I once had a boss who used to travel a bit.

In her travels she had been across South East Asia, and had developed quite a soft spot for the street children she met and for their situation.

So she did a little fund raising and contributed towards charities helping them.

And then she started to receive the mails.

They told of children who needed urgent help

Or new charities which were planning interesting new causes

Or had stories which were half finished, and she could find out more if…

She clicked the link at the bottom

Or opened the attachment they had included.

We were working in the financial sector so she was alert to phishing emails, and these perked her interest

And sure enough the links were to spoof sites, and the attachments had malware in them

Someone had taken the time to do research on her, find her personal interests, and target her with phishing emails which she would be more likely to click on.

Phishing emails are usually sent to a large target of people, in the hopes that a small percentage will click on them.

But targeted phishing mails, called spear phishing, are written for a much smaller group or a single person.

And these can be much more difficult to identify and defend against.

As ever, the best advice is to:

✅ Be aware of how to identify the signs of a phishing email
✅ Keep anti virus up to date on user laptops
✅ Never give users admin privileges
✅ Use Multi Factor Authentication for any sensitive accounts users need to log in to

———————————————–

I help businesses talk about security with their staff

If you are interested in a personalised security awareness program for your team, drop me an email