Authored by: PlexTrac Author Posted on: October 21, 2019 How to Contain, Identify, and Minimize a Targeted Attack An end-user is often the first person to recognize an attack or an attempted attack on a network. Employees are a common victim for information system penetration attempts on a company network. But what should you do if you think your network is under siege? This blog post was created to help communicate the actions you should take to help contain the attack or incident, how to identify a targeted attack, and what you should do after identifying that attack. Steps to Correctly Manage an Attack If you or another employee suspects the presence of malware or other unauthorized software on company devices, you or they must perform the following actions: Remove network connectivity. This is accomplished by removing the network cable from the machine, and then disabling wireless connection. Leave the machine powered on to facilitate later forensic efforts. Notify management or the IT staff of the attack immediately or as soon as practical. Phishing as an Information System Attack Phishing Is a common form of attack on users of an information system. These attempts are usually done using some form of deception (or social engineering). This deception may include phone or electronic contact by persons masquerading as a client, partner, or creditor in an attempt to obtain employee credentials or to illegitimately request a wire transfer. These attacks are categorized as “opportunistic” and “targeted”. Phishing is a form of targeted attack. Targeted attacks are one of the most common ways a hacker tries to attack an end-user on a network. How to Identify a Targeted (Phishing) Attack Targeted attacks on an information system are common. However, they are often tricky to identify and have little difference from a legitimate email. These attempts get stronger and less noticeable in nature as time goes on. However, targeted attacks may be recognized by some of the following giveaways: Inclusion of information that is unique to the recipient beyond their name and title. This may include knowledge of the employee’s specific job functions, personal and/or business relationships, personal interests or other information that may be obtained from publicly available sources like social media or public record. Inclusion of information that is unique to the Company, including knowledge of products, key personnel, vendor or customer relationships, or upcoming events. A source email address that appears to be the legitimate email address of another employee or from an established vendor or customer. What to do After Identifying a Targeted (Phishing) Attack What you do after identifying a targeted attack is crucial. These are the steps you should take to inform your superiors of the attack: Use the snipping tool to capture the preview of the email, making sure to capture the sender’s email address, subject line, and as much of message as possible. (DO NOT OPEN THE EMAIL ITSELF). Generate a new email with a subject line along the lines of “TARGETED PHISH ATTEMPT” with the image of the attack attempt attached. Forward this email to your management or IT staff. PlexTrac Author At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.
From Findings to Fixes: Bridging the Gap Between Pentests and Vulnerability Management Penetration tests are one of the most valuable tools in a security program but also one of the most under-leveraged. Every year, organizations invest in pentests to identify real-world attack paths, validate defenses, and uncover high-impact vulnerabilities. Yet too often, those insights end up trapped in PDF reports, disconnected from the tools and processes that... READ ARTICLE
Master Pentest Reporting: Join the 2025–2026 Penetration Testing Report Writing Bootcamp In July 2025 we kicked off our first Penetration Testing Report Writing Bootcamp at BSIDES Albuquerque after hearing prospects and customers share a common pain point: There just aren’t many opportunities for continuing education in the security reporting space. It’s not that courses on report writing don’t exist, but most are either entry-level refreshers or... READ ARTICLE
From Risk to Resilience: 5 Steps to Speed Remediation and Protect Your Organization Security teams have one main goal: Avoid breaches. For anyone that works in security, you know this is easier said than done. With an influx of findings and risks coming at you from multiple sources, it can be daunting and time consuming trying to figure out what to fix first. We often see organizations making... READ ARTICLE