Expect some of the typical phishing lures to be cast this year, but more targeted 'spear-phishing' twists raise the potential for damage. The CSO website warnss: "Cybercriminals are increasingly abandoning the technique of casting a wide net by blasting thousands of email accounts with a phishing scam. That's not nearly as lucrative as a spear-phishing attack, which might take more work, but has the potential for a much bigger payoff, according to Rohyt Belani, CEO of phishing-awareness-training company PhishMe.
"The kind of phishing attacks that are working now involve targeting specific employees at an organization," said Belani. "Every major breach we have heard about this year has been initiated by a targeted phishing
attack—be it RSA, Epsilon, numerous defense contractors, Oak Ridge National Laboratory and on and on.
Here are the headlines, the details are in their story:
1) Kick off your holiday shopping with this 10% off coupon for any store at [your local mall]"
2) "[Your company] thanks for your hard work this year and invites you to enter our holiday raffle"
3) "A year-end inspection has turned up mold in offices in our building at [your work address]"
4) "[Your company] is migrating its payroll system before the end of the year. Please enter your updated information to avoid interruption of your direct deposit."