What we did
The main problem we came across was that people didn’t even know this was a thing.
Spear phishing isn’t yet well-known as a practice, and the idea that an attacker could follow your online behaviours to glean private info that could be used against you, and then exploit it all in some kind personalised email – it just hadn’t crossed a lot of people’s minds.
We had to change that. So we introduced people to the risks in stages.
- First an introductory video about what spear phishing is and what it looks like when an suspicious email comes your way.
- Then guides, infographics and quizzes about how to spot a spear-phishing email and what to do about it if you receive one.
- At the same time, we surrounded government staff with catchy poster campaigns about the risks and ramifications of being targeted.
- Then we created guides to show other government agencies how to run simulations to continually test their own susceptibility to attack.