In this example, we will show you a REAL WORLD example that was very nearly successful. It showcases a cybercriminal combining both tactics to target this organization. We have redacted the organization's private information and obtained their consent to show this, because it's important to showcase how elaborate some of these scams are.

Can you spot the CEO Scam? Can you spot the Spear Phishing Attack? Can you see how both were combined to attack the user?

SPEAR PHISHING PORTION: In this instance, the cybercriminal knew the name of the employee "Elaine", knew the name of the CEO "Jolanta", and requested that Elaine buy a bunch of Google Play gift cards. This is known as spear phishing. It's called this because it is a targeted attack geared towards a specific person, as opposed to a message sent to the masses or to everyone in the company. Think of it like real-world fishing in a lake: if you fish with a pole or spear, you are very targeted in which type of fish you spear and eat for dinner. This is how the name spear phishing came about.

CEO SCAM PORTION: In this instance, we see the cybercriminal tries to impersonate the CEO (Jolanta) and get the employee to do some high-risk action - in this case buying gift cards and sending them the codes. The attacker knows the name of the CEO and pretends to be the CEO in order to dupe the employee into doing something risky.

Now, this email is actually quite suspicious, and the trained eye would notice that while the CEO's name is accurate, the sender's email address clearly is NOT the CEO's real email address.
This is why it's so critical that ongoing security awareness training be provided to ALL employees in an organization. What we know is that companies who provide regular ongoing security awareness training to their staff fall victim to cybercriminals up to 80% less than companies who do not. This is a staggering number.
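The mismatch described above (a correct CEO name in the display name, but a sender address that is not the CEO's) can also be checked automatically at the mail gateway. The following is an added example, not part of the original email or any product's code; the domain, the CEO's real address and the keyword list are constructed placeholders.

```python
import re
from email.utils import parseaddr

# Constructed placeholders: replace with your own directory data.
EXECUTIVES = {"jolanta": "jolanta@example.com"}   # display-name token -> real address
RISKY_TERMS = ("gift card", "google play", "send me the codes")


def check_message(from_header: str, body: str) -> list[str]:
    """Return finding codes for a message that resembles a CEO scam."""
    findings = []
    display_name, address = parseaddr(from_header)
    address = address.lower()
    # Compare name tokens so that "Jolanta" inside a longer name still matches.
    tokens = set(re.findall(r"[a-z]+", display_name.lower()))

    for name, real_address in EXECUTIVES.items():
        # The display name is free text chosen by the sender; only the
        # address shows where the message claims to come from.
        if name in tokens and address != real_address:
            findings.append("exec_name_mismatch")
            break

    text = body.lower()
    if any(term in text for term in RISKY_TERMS):
        findings.append("gift_card_request")
    return findings


if __name__ == "__main__":
    # Constructed sample resembling the message described in the article.
    sample_from = "Jolanta <ceo.desk@mail.example.net>"
    sample_body = "Elaine, please buy Google Play gift cards and send me the codes."
    print(check_message(sample_from, sample_body))
```

A message that raises both findings is a strong candidate for quarantine or an "external sender using an executive's name" banner. The address comparison assumes the From header has not been forged to the real address, which SPF, DKIM and DMARC enforcement is meant to catch.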

