Oops, that's not right...
Informing about new IT policies is incorrect.
Explanation :
Spear phishing attacks often request sensitive information, like passwords or account details, under the guise of account verification or necessary updates, exploiting employees' trust in the IT department.