The MOST effective control for reducing the risk related to phishing is:
centralized monitoring of systems.
including signatures for phishing in antivirus software.
publishing the policy on antiphishing on the intranet.
security training for all users.
Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine,
with the intention of obtaining information. Phishing is an example of a social engineering attack.
Any social engineering type of attack can best be controlled through security and awareness