You can reduce the vulnerability of your organisation by working with employees to dispel the perception that, ‘if something gets through the firewall, it is probably genuine’. Your employees have an important role to play in protecting your organisation as a second line of defence, after technical measures.
What is spear phishing?
Spear phishing is a targeted type of social engineering attack. An attacker gleans information about an individual which allows them to masquerade as a trusted source in an electronic communication. This may lead the individual to click on links, accept software updates or open attachments via email, social media messages or electronic popup messages. In doing so, the individual can unwittingly compromise sensitive information, provide access to organisational finances or facilitate technical attacks on company networks.
NPSA ‘Don’t Take the Bait!’ campaign
The campaign is based on the principle that if you can increase awareness of the scam techniques that are often deployed, then employees will be less likely to fall for them. The campaign encourages the idea that employees have a role to play in keeping the organisation secure by not falling for, or being tricked by, spear phishing.
An important aim of this campaign is for employees to feel encouraged and supported in reporting suspected spear phishing attempts to their organisation – even if this is after they have clicked.
- An introductory guide for organisations: to outline the threat and provide further details on how to run the campaign
- A guide for organisations on how to design phishing simulations: to test the susceptibility of your organisation to spear phishing
- 4 x posters to signpost an in-house campaign: phish, bait, trap, smarter
- 2 x posters to raise awareness of spear phishing techniques: urgency, authority
- An animation (available below and on YouTube) to raise awareness of the influence techniques used by spear phishers
- An infographic: to reinforce the messages delivered within the animation
- A quiz: to provide an opportunity to spot phishing attempts
For further information on the materials, to share feedback, or for editable versions (as InDesign files), please email [email protected].
You may find NPSA’s 5Es framework useful for planning and maximising the impact of your in-house behaviour change campaigns.