Phishing is one of the key entry points in an attack. Sometimes these phishing attacks are used merely for financial fraud purposes, in these cases it is often sent to as many people as possible to maximize the chances of a successful attack but it is not necessarily targeted toward any specific individual. Sometimes phishing are used as the first step of a much more complicated attack to gain access to a company's information systems to steal, corrupt, manipulate, or destroy a company's data. When phishing is used as a step-toward a specific goal, with carefully selected target users, the attack is commonly known as a "spear-phishing" attack. There are many ways to defend against phishing attacks including end user education as well as email and web filtering technologies.

Describe any experiences that you have had or have heard about, and are willing to share with the group, related to phishing (e.g. types of attacks, how it was detected, any consequences that occurred). Share your thoughts about what steps businesses can take to defend against phishing attacks (300 words)