The United Kingdom’s Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled “Spear Phishing – Understanding the Threat;” this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations can take to manage the risks. CPNI is the UK’s government authority for providing physical, personnel and information security advice to critical national infrastructure.
US-CERT encourages users and administrators to review the CPNI document as well as US-CERT ST04-014, “Avoiding Social Engineering and Phishing Attacks.”