Phishing has always been a rather difficult issue to solve.
I’ve spent countless hours trying to create programs to successfully keep employees from opening suspicious emails, believe me!
The new generation of phishing, however, is even more complex and the threat is even more difficult to mitigate.
In the most recent cases I worked on, the email sent to the victim was either announced or followed up by a phone call from a seemingl legitimate source.
Thereby, the victim was dooped into opening the attachment to infect the system/network, and there is pretty much no training that will help to reduce that risk.
One of the issues we began working on was to have existing contacts confirm their identity through an IM. Of course this only works if the source is internal, and/or the source is available on an IM service.
Stay safe folks! These new attacks are devious with potentially devastating consequences, essentially with no one to blame.