Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them
It addresses the problem of phishing, which initiates over 91% of cyberattacks, for cybersecurity practitioners and organizations, but is incremental as it reviews existing techniques and protection layers.
This study reviews how phishing and spear phishing attacks are carried out in five steps to increase success rates, and analyzes four layers of protection including automated tools, decision-aid tools, user knowledge, and multi-factor authentication to enhance security against these social engineering attacks.
Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome, increasing the chance of success. The focus will be also given on four different layers of protection against these social engineering attacks, showing their strengths and weaknesses; the first and second layers consist of automated tools and decision-aid tools. the third one is users' knowledge and expertise to deal with potential threats. The last layer, defined as "external", will underline the importance of having a Multi-factor authentication, an effective way to provide an enhanced security, creating a further layer of protection against Phishing and Spear Phishing.