Phishing - The Game Is Changing

Uploaded on 2022-07-27 in TECHNOLOGY--Resilience, FREE TO VIEW

Phishing attacks are counterfeit communications that appear to come from a trustworthy source, but which can compromise all types of data sources.

These attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems, such as point of sale terminals and order processing systems, and in some cases hijack entire computer networks until a ransom fee is delivered.

We all like to think we can spot an obvious phishing fraud, like the email from an unknown sender offering us £2 million, in exchange for our bank details and in most cases, hackers are content with getting hold of your personal data and credit card information. But the game has changed, and online fraud is evolving with new tactics. 

Now, criminals are taking a more personal approach and searching the Internet for all the details they can find about us. Social media is making it easier for scammers to craft believable emails called spear phishing. The data we share every day gives fraudsters clues about our lives they can use against us. It could be something as simple as somewhere you recently visited or a website you use. When we check our inbox, we often pick out something that strikes a chord. This is referred to as an illusory correlation, which is seeing things as related when they aren’t.

Psychologists say we are more likely to respond to requests from people higher up in our social and professional hierarchies and fraudsters have learned about this too. Indeed, around 20% of all employees are likely to click on phishing email links and of those, a staggering 68% go on to enter their credentials on a phishing website.

All members of your organisation's  management team are vulnerable. If a phishing scammer acquires the email credentials of high-profile leadership, it’s likely they’ll target anyone they can using that very email address. Potential targets would be: colleagues, team members and even customers,if they’ve already obtained that information.

Targets are normally chosen based on their rank, age or social status. Sometimes, spamming is part of an organised cyber attack against a specific organization and individual targets are selected if they work or have connections to this organisation. 

All firms are at risk of falling victim to fraudulent scams perpetuated via email or social media platforms. 

Business organisations are frequent targets for fraudsters impersonating banks, brokers and other third-party organisations who may wish to perpetuate fraud, or to access personal data or confidential data. It has been known for fraudsters to impersonate business clients and then direct those firms to engage in perpetuating fraud which has only become apparent to the firm only months later. 

  • Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware or direct them to a dodgy website.
  • Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. 
  • Fraudsters are using spam bots to engage with victims who respond to the initial hook email. The bot uses up-to-date information from LinkedIn and other social media platforms to gain the victim’s trust and lure them into giving valuable information or transferring money. 

Data from Google Safe Browsing shows there are now nearly 75 times as many phishing sites as there are malware sites on the Internet. and email spam cons cost businesses around the world around US$20 billion (£17 billion) every year. Business consultant BDO found that six out of ten mid-sized businesses in the UK were victims of fraud in 2020, suffering average losses of £245,000.

Protection

Even confirming your email address is in use can make you a target for future scams. There is also a more human element to these scams compared with the blanket bombing approach scammers have been using for the last two decades.

One simple way to avoid being tricked is to double-check the sender’s details and email headers. Think about the information that might be out there about you, not just about what you receive and who from. If you have another means of contacting that person, do so. if you don’t want someone to know things about you, don’t put it online. 

The more advanced technology gets, the easier it is to take a human approach. Video call technology can  bring you closer to your friends and family, but these aren't always secure.  Giving people who would do you harm a window into your life is never a good idea. To avoid becoming a victim, you have to use your inborn defences - your human instinct - if something doesn’t feel right, don't do it.

Cisco:    NCSC:     TheNextWeb:   Law Society:    WalesOnline:    Digital Guardian:    BelfastLive:  

You Might Also Read: 

The Frailty Of Email:
 

« Albanian Government Falls Victim To A Large-Scale Attack
A Major Skills Training Initiative From (ISC)2 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

IT Security House

IT Security House

IT Security House is a leading European supplier of Cyber Security Intelligence and eCrime services.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

HelseCERT

HelseCERT

HelseCERT is the health and care sector's national information security center for Norway.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

Y-PARC

Y-PARC

Y-PARC is a center of excellence for cybersecurity, precision industries and medtech, fostering innovation and development and support for startups.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

Hong Kong Broadband Network (HKBN)

Hong Kong Broadband Network (HKBN)

HKBN are a leading integrated telecom and technology solutions provider that offers a comprehensive range of premier ICT services to both the enterprise and residential markets.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

Klarytee

Klarytee

Protect your data wherever it goes. Klarytee is a SaaS platform that builds security into sensitive content to enable granular control in AI, public cloud and SaaS.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

SafeAeon

SafeAeon

SafeAeon is a leading Cybersecurity-as-a-Service provider, offering 24x7 premium Managed Security Services with AI-powered and Human-driven 24x7 SOC.

Tria Federal

Tria Federal

Tria Federal is the premier middle-market Technology and Advisory services provider delivering digital transformation solutions to federal health and public safety agencies.