Phishing - The Game Is Changing

Phishing attacks are counterfeit communications that appear to come from a trustworthy source, but which can compromise all types of data sources.

These attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems, such as point of sale terminals and order processing systems, and in some cases hijack entire computer networks until a ransom fee is delivered.

We all like to think we can spot an obvious phishing fraud, like the email from an unknown sender offering us £2 million in exchange for our bank details. In most cases, hackers are content with getting hold of your personal data and credit card information. But the game has changed, and online fraud is evolving with new tactics.

Now, criminals are taking a more personal approach and searching the Internet for all the details they can find about us. Social media is making it easier for scammers to craft believable, personally targeted emails, a technique called spear phishing. The data we share every day gives fraudsters clues about our lives that they can use against us. It could be something as simple as somewhere you recently visited or a website you use. When we check our inbox, we often pick out something that strikes a chord. This is referred to as an illusory correlation, which is seeing things as related when they aren’t.

Psychologists say we are more likely to respond to requests from people higher up in our social and professional hierarchies, and fraudsters have learned about this too. Indeed, around 20% of all employees are likely to click on phishing email links and, of those, a staggering 68% go on to enter their credentials on a phishing website.

All members of your organisation's management team are vulnerable. If a phishing scammer acquires the email credentials of high-profile leadership, it’s likely they’ll target anyone they can using that very email address. Potential targets would be colleagues, team members and even customers, if they’ve already obtained that information.

Targets are normally chosen based on their rank, age or social status. Sometimes, spamming is part of an organised cyber attack against a specific organisation, and individual targets are selected if they work for or have connections to this organisation.

All firms are at risk of falling victim to fraudulent scams perpetrated via email or social media platforms.

Business organisations are frequent targets for fraudsters impersonating banks, brokers and other third-party organisations in order to perpetrate fraud or to access personal or confidential data. Fraudsters have been known to impersonate business clients and then direct those firms to take part in a fraud that became apparent to the firm only months later.

  • Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware or direct them to a dodgy website.
  • Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. 
  • Fraudsters are using spam bots to engage with victims who respond to the initial hook email. The bot uses up-to-date information from LinkedIn and other social media platforms to gain the victim’s trust and lure them into giving valuable information or transferring money. 

Data from Google Safe Browsing shows there are now nearly 75 times as many phishing sites as there are malware sites on the Internet, and email spam cons cost businesses worldwide around US$20 billion (£17 billion) every year. Business consultant BDO found that six out of ten mid-sized businesses in the UK were victims of fraud in 2020, suffering average losses of £245,000.

Protection

Even confirming your email address is in use can make you a target for future scams. There is also a more human element to these scams compared with the blanket bombing approach scammers have been using for the last two decades.

One simple way to avoid being tricked is to double-check the sender’s details and email headers. Think about the information that might be out there about you, not just about what you receive and who from. If you have another means of contacting that person, do so. If you don’t want someone to know things about you, don’t put them online.

The more advanced technology gets, the easier it is to take a human approach. Video call technology can bring you closer to your friends and family, but it isn't always secure. Giving people who would do you harm a window into your life is never a good idea. To avoid becoming a victim, you have to use your inborn defences, your human instinct: if something doesn’t feel right, don't do it.

Sources: Cisco, NCSC, TheNextWeb, Law Society, WalesOnline, Digital Guardian, BelfastLive
