In response to the news of a large scale phishing attack targeting individuals in Iceland, comments from Martin Jartelius, CSO of Outpost24:
“This attack is neither novel nor hard to perform, but it is extremely targeted and it does involve a greater effort for a smaller audience than what we usually see in those cases.
The attack itself is primarily targeting home users, so there isn’t much for organizations to do, but overall, the moment security depends on a user clicking or not clicking a link in an email, or on a user making the correct choice not to run software, we as security practitioners have transferred not risk but responsibility to those least prepared and trained to manage it. If users are well trained not to open attachments from untrusted sources, not to click on phishing emails and follow basic security best practises, they will minimize the risks. However, there is no way to be perfectly safe.
For home users, the discipline to have an administrator account, and a normal user account, and then entering the password for the administrator account when and only when this is needed is a huge step towards preventing this form of infection. We can all also likely agree that the probability of getting questions from the police and getting a summoning via email is less than likely, and hence refrain from using the link.”