Why Is Phishing So Effective?

SME’s and their networks are consistently targeted by a wide variety of threat actors and cyber criminals looking to steal information.


Cyber criminals are technologically savvy, vulnerability conscious, and aggressively agile.  They train on how to target you! A successful intrusion can quickly lead to the loss of data integrity and confidentiality. Employees are privy to important and sensitive information, and as a result, often receive malicious emails that are intended to provide cyber intruders access to this information. Because you care, it would only be responsible as a company and for your employees to be aware of the threats and take care to ensure that organizational information is protected and secure.

Be aware of the threats and take care to ensure that organizational information is protected and secure.

What Is Phishing?

It is the act of sending mass emails which appear to be from legitimate sources, but contain infected attachments or malicious links

What Is Spear phishing?

Though similar to phishing, it is a tactic threat actors use to send socially-engineered emails to specifically target individuals or groups based on their personal characteristics, interests or lines of work.

Spear phishing is effective because phishers create emails that seem genuine. They contain company logos or trademark information, the subject line is relevant, the message is pertinent. Given receivers’ desire to trust, it is easy for them to believe that these emails are legitimate and click on the links or open the attachments.

Malicious software can be contained in attachments such as PDFs, photos, office documents, as well as Web links that seem legitimate. Spear phishing creates opportunity for cyber compromises in any organization.

Who Is A Target?

Everyone can be a target of phishing and spear phishing emails. Those more commonly targeted include the following individuals:

  • Senior executives and their assistants
  • Help desk staff, system administrators
  • Users who have access to sensitive information
  • Users with remote access
  • Users whose jobs involve interacting with members of the public

How Can You detect spear-phishing emails?

Though spear-phishing emails can be hard to identify, here are a number of proactive ways to avoid falling prey to them and triggering a cyber-incident. Before opening attachments or links embedded within an email, take the following steps:

  • Make sure you know the sender of an email and that its tone is consistent with the sender.
  • Make sure that the Web address or attachment is relevant to the content of the email.
  • Make sure that the sender’s email address has a valid username and domain name.