* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Cybersecurity](https://origin-researchcenter.paloaltonetworks.com/blog/category/cybersecurity-2/)
* Knowledge Is Power: Using...

# Knowledge Is Power: Using Cyber Scrutiny To Defend Against Phishing Attacks

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fknowledge-power-using-cyber-scrutiny-defend-phishing-attacks%2F)  
[](https://twitter.com/share?text=Knowledge+Is+Power%3A+Using+Cyber+Scrutiny+To+Defend+Against+Phishing+Attacks&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fknowledge-power-using-cyber-scrutiny-defend-phishing-attacks%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fknowledge-power-using-cyber-scrutiny-defend-phishing-attacks%2F&title=Knowledge+Is+Power%3A+Using+Cyber+Scrutiny+To+Defend+Against+Phishing+Attacks&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2014/10/knowledge-power-using-cyber-scrutiny-defend-phishing-attacks/&ts=markdown)  
\[\](mailto:?subject=Knowledge Is Power: Using Cyber Scrutiny To Defend Against Phishing Attacks)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Oct 23, 2014  
5 minutes  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown)  
[Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)  
[Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)  
[Apple](https://www.paloaltonetworks.com/blog/tag/apple/?ts=markdown)  
[Phishing](https://www.paloaltonetworks.com/blog/tag/phishing/?ts=markdown)

If you purchased an iPhone 6 recently, you probably received this email:

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/10/apple-email.png)  
[![apple email](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/10/apple-email-500x383.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/10/apple-email.png)

Some of you may have even clicked the "Verify Now" link and entered your Apple ID account information. I hope not, though, because this email is *not* from Apple. It's a phishing email meant to trick recipients into giving sensitive information to the attacker who sent it.

This email illustrates two things:

1. Attacks are more sophisticated as cybercriminals get smarter and craftier.
2. An increased level of understanding regarding cyber attacks is needed, not just within the corporate community, but within the general public as well.

The market for enterprise network and cybersecurity grows each year highlighting the emphasis companies are putting on preventing modern threats from infiltrating their internal networks. However, the impetus is focused on technological preventative measures. Could an education in cybersecurity --- who the attackers are, what they're after, and the appropriate level of scrutiny that should be practiced --- significantly bolster an enterprise's cyber defense?

Yes. In 2011, [RSA was the target of a spear phishing attack](http://blogs.gartner.com/avivah-litan/2011/04/01/rsa-securid-attack-details-unveiled-they-should-have-known-better/) made successful by at least one employee opening the malicious attachment even after their spam filter had correctly placed the email in the "junk" folder. RSA suffered a data breach as a result.

##### "At least RSA's SPAM filters were working, even if their social engineering training for employees was not," -Avivah Litan, Gartner Analyst

More recently, a spear phishing attack targeting physicians at a [Tacoma-based medical group](http://www.thenewstribune.com/2014/03/31/3126217_phishing-e-mails-net-medical-records.html?rh=1) led to the breach of 12,000 patient records. Emails were crafted to appear as though they were sent from the group's parent company, and prompted targets to click on a link and enter their email account username and password. The group has since rolled out a company-wide phishing prevention system, including retraining the employees who fell for the initial phishing email.

Spear phishing attacks are:

\*\*Lucrative.\*\*The black market for data is huge, estimated at multiple billions of dollars, meaning that the person or organization behind the attack may not actually use what they steal to make money. Unfortunately, this also means they're more difficult for authorities to track down.

**Successful.** Because hackers take pains to get their targets to fall for their schemes, they know what company and department you work for, what applications you use, who you report to, and what kinds of projects you're likely working on. They know which job titles are likely uninformed or unwary of potential threats. This makes spear phishing campaigns one of the most highly-favored APT attack methods.

**Simply a means of getting in.** Once a target is duped into clicking a link, opening a file, etc., the attacker can carry out his mission, whether it's stealing personal information, using a target's personal account to transfer money, extract intellectual property or insider information.

**A real threat to both corporate and consumer spheres.** Both have data that attackers want to use to make money, and most people who work for targeted companies have a home computer or mobile device for personal use that is *not* protected by enterprise network or endpoint security policies.

\*\*Recognizable...\*\*sometimes, if you know what you're looking for.

* Check the sender's email address to make sure it's someone from whom you should be receiving emails. If you're still not sure, email clients like Outlook and web mail applications like Gmail usually have options to view email messages with the headers included, so you can make sure the "From" field matches the "Reply-to" field.
* Look for patterns of misspellings and incorrect grammar.
* Ask yourself if links and attachments within the message are expected information from the sender and work-related. Do the domain name or file name make sense? View the email with formatting turned off to view a link's actual URL.
* Check the attachment's file extension. Odds are that unless you're in the IT or engineering department, you shouldn't be receiving or opening file types with extensions .exe, .dll, .scr, or .class. According to Symantec, these file types were used in more than 50% of last year's spear phishing attacks.
* If you're still unsure that an email is legitimate, ask your company's IT security folks.

Cyber best practices like these aren't just for those who deal with security as part of their daily job duties. They need to be taught company-wide.

What kind of corporate policies and programs promote a healthy balance between paranoia and productivity?

I've heard of one corporate program where basic cybersecurity best practices are taught as part of the new hire training class for every employee. Another IT-run program periodically assesses its employees by sending fake phishing emails to different groups within the organization; those who fall for the faux scam by either opening an attachment or clicking a link are then required to take a cybersecurity seminar. The goal of these programs is to arm the company's workforce with knowledge and deploy them as another layer of cyber defense.

Using the right tools to prevent attacks is key, and one of those tools is familiarity with the kinds of tactics cyber criminals are using, and how to recognize and avoid them. What processes or programs have you seen put in place that educates employees and encourages cyber scrutiny?

*** ** * ** ***

## Related Blogs

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Threat Research](https://www.paloaltonetworks.com/blog/category/threat-research/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### Top Three Ways Organizations Were Unprepared for Cyberattacks in 2023](https://origin-researchcenter.paloaltonetworks.com/blog/2024/11/top-three-ways-organizations-were-unprepared-for-cyberattacks-in-2023/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### GenAI in Cybersecurity --- Threats and Defenses](https://origin-researchcenter.paloaltonetworks.com/blog/2024/10/genai-in-cybersecurity-threats-and-defenses/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Five Misconceptions About Secure Web Gateways](https://origin-researchcenter.paloaltonetworks.com/blog/sase/five-misconceptions-about-secure-web-gateways/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### The True Cost of Cybersecurity Incidents: The Solution](https://origin-researchcenter.paloaltonetworks.com/blog/2021/07/investing-in-cybersecurity-now-can-save-money-later/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### Why You Need Actionable Threat Intelligence](https://origin-researchcenter.paloaltonetworks.com/blog/2017/05/need-actionable-threat-intelligence/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### The Cybersecurity Download: Ransomware](https://origin-researchcenter.paloaltonetworks.com/blog/2016/10/the-cybersecurity-download-ransomware/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language