Of course, spear phishing isn’t new, but the targets and tactics are evolving, and most users who might have known to not give away their banks account numbers at home may be handing over sensitive information in an enterprise setting due to lack of training and awareness.
Administrative assistants, accountants, salesmen, IT managers, and pretty much everyone else in an enterprise hold a great deal of company knowledge that criminals can use to ultimately unlock a company’s secrets.
But beyond simply explaining the threat to them, ask your staff to take a step back to see what information a cyber criminal can easily dig up. This may sound completely narcissistic to them, but I recommend you ask them to “Google” themselves from time to time in order to see what pops up in search results. The idea is to familiarize one’s self with what is public knowledge — so you aren’t caught off guard when it’s used to gain your trust.
Even though you aren’t likely to be considered a “whale” by Las Vegas casino standards, you and your staff need to understand that your position within a large organization probably makes you a pretty big fish in the eyes of a cyber criminal. And in order to help combat against these attempts, your best bet is to try and see what a hacker can see on the Internet so it can’t be used against you