Spear-phishing is getting harder to detect as successful practices inform future "phishes." What doesn't work is abandoned, reworked and the culprit becomes increasingly less suspicious.
It may come as a surprise or not, but 19% of spear-phishing attempts are successful. Someone in an organization takes the personalized bait and hands out secure information.
The effects of spear-phishing can be avoided by fact checking. I haven't seen a copy of the message received by AP employees yesterday. It would be interesting to see it and fact check it.
Can anyone find it?