A New Attack Category is Born: You Now Need to Also Worry About Evasive Spear Phishing

Spear phishing has long been a serious concern for organizations battling the constant onslaught of social engineering attacks pointed at their users.  This post from the team at KnowBe4 sheds some light on a new form of spear phishing that often focuses in on technology firms and other high value targets.  The depth and level of sophistication associated with these attacks should raise red flags.  The more accurate and relevant the phishing content, the higher the likelihood the end user will fall into the trap and click the link.

Please be diligent in your awareness training and notifications to end users.  These threats are very real!


“FINAL WARNING” email – have they really hacked your webcam?

I continue to see more and more of these scare tactic emails arriving in the mailboxes of friends, customers, and colleagues.  These are, admittedly often well crafted messages designed to play on the darkest fears of humanity and they utilize some very basic techniques to build a sense of legitimacy.

This article provides a good overview of the attack/phish and hopefully will ease some concerns.


ETSU investigating ‘phishing’ attack, providing $22,000 in credit monitoring for victims

I was honored to have the opportunity to make a small contribution to this news report.  Thank you to John Engel and News 5 WCYB for their diligence.

Spear phishing is a serious threat to many organizations and can result in the loss of highly sensitive information.  ETSU has taken respectable steps after the fact to mitigate the impact of this incident, but we can all learn from this situation and strengthen the postures of our own organizations to prevent these types of attacks in the future.