Phishing is one of the key entry points in an attack. Sometimes phishing attacks are used merely for financial fraud. In these cases, the messages are often sent like spam to as many people as possible to maximize the chances of a successful attack, but they are not necessarily targeted toward any specific individual.
Sometimes phishing is used as the first step of a much more complicated attack, to gain access to a company’s information systems to steal, corrupt, manipulate, or destroy a company’s data. When phishing is used as a step toward a specific goal, with carefully selected target users, the attack is commonly known as a “spear-phishing” attack. There are many ways to defend against phishing attacks, including end-user education as well as email and web filtering technologies.
Describe any experiences that you have had or have heard about, and are willing and able to share with the group, related to phishing (e.g., types of attacks, how they were detected, and any consequences that occurred). Please DO NOT state what company or organization this may have occurred at if it is not a publicly available example. Share your thoughts about what steps businesses and/or individuals can take to defend against phishing attacks.