Phishing - The Game Is Changing

Phishing attacks are counterfeit communications that appear to come from a trustworthy source, but which can compromise all types of data sources.

These attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems, such as point of sale terminals and order processing systems, and in some cases hijack entire computer networks until a ransom fee is delivered.

We all like to think we can spot an obvious phishing fraud, like the email from an unknown sender offering us £2 million, in exchange for our bank details and in most cases, hackers are content with getting hold of your personal data and credit card information. But the game has changed, and online fraud is evolving with new tactics. 

Now, criminals are taking a more personal approach and searching the Internet for all the details they can find about us. Social media is making it easier for scammers to craft believable emails called spear phishing. The data we share every day gives fraudsters clues about our lives they can use against us. It could be something as simple as somewhere you recently visited or a website you use. When we check our inbox, we often pick out something that strikes a chord. This is referred to as an illusory correlation, which is seeing things as related when they aren’t.

Psychologists say we are more likely to respond to requests from people higher up in our social and professional hierarchies and fraudsters have learned about this too. Indeed, around 20% of all employees are likely to click on phishing email links and of those, a staggering 68% go on to enter their credentials on a phishing website.

All members of your organisation's  management team are vulnerable. If a phishing scammer acquires the email credentials of high-profile leadership, it’s likely they’ll target anyone they can using that very email address. Potential targets would be: colleagues, team members and even customers,if they’ve already obtained that information.

Targets are normally chosen based on their rank, age or social status. Sometimes, spamming is part of an organised cyber attack against a specific organization and individual targets are selected if they work or have connections to this organisation. 

All firms are at risk of falling victim to fraudulent scams perpetuated via email or social media platforms. 

Business organisations are frequent targets for fraudsters impersonating banks, brokers and other third-party organisations who may wish to perpetuate fraud, or to access personal data or confidential data. It has been known for fraudsters to impersonate business clients and then direct those firms to engage in perpetuating fraud which has only become apparent to the firm only months later. 

  • Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware or direct them to a dodgy website.
  • Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. 
  • Fraudsters are using spam bots to engage with victims who respond to the initial hook email. The bot uses up-to-date information from LinkedIn and other social media platforms to gain the victim’s trust and lure them into giving valuable information or transferring money. 

Data from Google Safe Browsing shows there are now nearly 75 times as many phishing sites as there are malware sites on the Internet. and email spam cons cost businesses around the world around US$20 billion (£17 billion) every year. Business consultant BDO found that six out of ten mid-sized businesses in the UK were victims of fraud in 2020, suffering average losses of £245,000.

Protection

Even confirming your email address is in use can make you a target for future scams. There is also a more human element to these scams compared with the blanket bombing approach scammers have been using for the last two decades.

One simple way to avoid being tricked is to double-check the sender’s details and email headers. Think about the information that might be out there about you, not just about what you receive and who from. If you have another means of contacting that person, do so. if you don’t want someone to know things about you, don’t put it online. 

The more advanced technology gets, the easier it is to take a human approach. Video call technology can  bring you closer to your friends and family, but these aren't always secure.  Giving people who would do you harm a window into your life is never a good idea. To avoid becoming a victim, you have to use your inborn defences - your human instinct - if something doesn’t feel right, don't do it.

Cisco:    NCSC:     TheNextWeb:   Law Society:    WalesOnline:    Digital Guardian:    BelfastLive:  

You Might Also Read: 

The Frailty Of Email:
 

« Albanian Government Falls Victim To A Large-Scale Attack
A Major Skills Training Initiative From (ISC)2 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Consulting Services to help you secure your mission-critical systems.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

QAlified

QAlified

QAlified offer independent testing and quality assurance services for software projects including security testing.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

CryptoNext Security

CryptoNext Security

CryptoNext provides optimal end-to-end post-quantum cybersecurity remediation tools and solutions for IT/OT infrastructures & applications.

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Auto-ISAC provides a forum for companies to analyze and identify threats sooner and share solutions that enhance vehicle cybersecurity.

Securitybricks

Securitybricks

Securitybricks specialize in cloud security and compliance. Our mission is to automate regulatory compliance backed by human validation.

Soteria LLC

Soteria LLC

Soteria LLC are a client-focused organization providing expert advisory, consulting services, and tailored solutions to prevent, detect, and respond to cybersecurity incidents.

Hurricane Labs

Hurricane Labs

Hurricane Labs is a managed security services provider (MSSP) that focuses on Splunk.