Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them

Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome, increasing the chance of success. The focus will be also given on four different layers of protection against these social engineering attacks, showing their strengths and weaknesses; the first and second layers consist of automated tools and decision-aid tools. the third one is users' knowledge and expertise to deal with potential threats. The last layer, defined as "external", will underline the importance of having a Multi-factor authentication, an effective way to provide an enhanced security, creating a further layer of protection against Phishing and Spear Phishing.