Episode 3: X = Spear Phishing
... I have seen an organization infiltrated. This is what happened. The phisherman found the company’s website, which handily had the names, positions, and email addresses of everyone on their staff. They targeted multiple employees who would be in a position to request and make a wire transfer. They sent these upper management employees an Email purporting to be from their cloud email hosting service, saying it was time to change their password. The link the employees followed took them to a webpage that was convincing enough that the employees who fell for it entered their old passwords and, quote-unquote, made a new one. ...