Phishing - The Game Is Changing

Phishing attacks are counterfeit communications that appear to come from a trustworthy source, but which can compromise all types of data sources.

These attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems, such as point of sale terminals and order processing systems, and in some cases hijack entire computer networks until a ransom fee is delivered.

We all like to think we can spot an obvious phishing fraud, like the email from an unknown sender offering us £2 million, in exchange for our bank details and in most cases, hackers are content with getting hold of your personal data and credit card information. But the game has changed, and online fraud is evolving with new tactics. 

Now, criminals are taking a more personal approach and searching the Internet for all the details they can find about us. Social media is making it easier for scammers to craft believable emails called spear phishing. The data we share every day gives fraudsters clues about our lives they can use against us. It could be something as simple as somewhere you recently visited or a website you use. When we check our inbox, we often pick out something that strikes a chord. This is referred to as an illusory correlation, which is seeing things as related when they aren’t.

Psychologists say we are more likely to respond to requests from people higher up in our social and professional hierarchies and fraudsters have learned about this too. Indeed, around 20% of all employees are likely to click on phishing email links and of those, a staggering 68% go on to enter their credentials on a phishing website.

All members of your organisation's  management team are vulnerable. If a phishing scammer acquires the email credentials of high-profile leadership, it’s likely they’ll target anyone they can using that very email address. Potential targets would be: colleagues, team members and even customers,if they’ve already obtained that information.

Targets are normally chosen based on their rank, age or social status. Sometimes, spamming is part of an organised cyber attack against a specific organization and individual targets are selected if they work or have connections to this organisation. 

All firms are at risk of falling victim to fraudulent scams perpetuated via email or social media platforms. 

Business organisations are frequent targets for fraudsters impersonating banks, brokers and other third-party organisations who may wish to perpetuate fraud, or to access personal data or confidential data. It has been known for fraudsters to impersonate business clients and then direct those firms to engage in perpetuating fraud which has only become apparent to the firm only months later. 

  • Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware or direct them to a dodgy website.
  • Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. 
  • Fraudsters are using spam bots to engage with victims who respond to the initial hook email. The bot uses up-to-date information from LinkedIn and other social media platforms to gain the victim’s trust and lure them into giving valuable information or transferring money. 

Data from Google Safe Browsing shows there are now nearly 75 times as many phishing sites as there are malware sites on the Internet. and email spam cons cost businesses around the world around US$20 billion (£17 billion) every year. Business consultant BDO found that six out of ten mid-sized businesses in the UK were victims of fraud in 2020, suffering average losses of £245,000.

Protection

Even confirming your email address is in use can make you a target for future scams. There is also a more human element to these scams compared with the blanket bombing approach scammers have been using for the last two decades.

One simple way to avoid being tricked is to double-check the sender’s details and email headers. Think about the information that might be out there about you, not just about what you receive and who from. If you have another means of contacting that person, do so. if you don’t want someone to know things about you, don’t put it online. 

The more advanced technology gets, the easier it is to take a human approach. Video call technology can  bring you closer to your friends and family, but these aren't always secure.  Giving people who would do you harm a window into your life is never a good idea. To avoid becoming a victim, you have to use your inborn defences - your human instinct - if something doesn’t feel right, don't do it.

Cisco:    NCSC:     TheNextWeb:   Law Society:    WalesOnline:    Digital Guardian:    BelfastLive:  

You Might Also Read: 

The Frailty Of Email:
 

« Albanian Government Falls Victim To A Large-Scale Attack
A Major Skills Training Initiative From (ISC)2 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

DomainTools

DomainTools

DomainTools helps security analysts turn threat data into threat intelligence.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ODSC

ODSC

ODSC is a security systems integrator that provides services and expertise in identity management and access.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Nardello & Co

Nardello & Co

Nardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including Digital Investigations & Cybersecurity.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

Great American Insurance Group

Great American Insurance Group

Great American's Cyber Risk Division offers cyber solutions for small and medium-sized businesses.

AB Handshake

AB Handshake

AB Handshake offers a game-changing solution for telecom service providers that eliminates fraud on inbound and outbound voice traffic.

ICS

ICS

ICS is a leading provider of outsourced IT services, cybersecurity, communications, and distributed workforce solutions throughout the US.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

Cloudsec Asia

Cloudsec Asia

Cloudsec Asia is Thailand's top-ranked cybersecurity consultant company. We offers security services to ensure that all your IT assets are reliable, accessible, and secure.