Cuts both ways
> a marked improvement in the quality and apparent authenticity of
> spear-phishing attacks – making them ever harder to separate from
> genuine communications.
>
Not helped by organisations outsourcing services to external third parties who then send extremely phishy-looking mail to everyone in the company. Online payroll is particularly prone to this, but all sorts of other activities are going to same way. How can you train users to just hit delete on any email that asks them to "click here to login to your... <wtvr>", when half of them are legit?
Yeah, I've tried moaning at the suppliers; the expression "pissing into the wind" is about right.