Spear phishing uses much more compelling messages than standard attacks. For example, attackers who claim to be the CEO could trick finance executives into sending money to their bank accounts. Using fake invoices could trick accounts payable employees into sending money to the attacker. To steal ...
These are the major questions, however there are certainly more. Things get more complex as you realize that these factors compound each other; for example, if a client has a web proxy that prohibits the download of executables or DLL's, you may need to stick your payload inside a containe...
Also, it turns out that the users themselves are often the best channel through which to detect, report and defend against phishing attacks. An important practice enterprises should implement is to put in systems where users can quickly and easily report a phishing attack, have it routed to IT...