Phishing – Don't Get Hooked

Although many cyber-attacks are becoming less common, phishing has become even more predominant, especially following the move to a remote working environment due to Covid-19.

The 2021 Cybersecurity threat trends report from Cisco confirms that at least one person in almost 86% of organisations has clicked a phishing link. With phishing attacks accounting for almost 90% of data breaches, we ask just why phishing is so successful, and what your business can do to ensure you’re not the next cyber victim.

2021 Summary - Why are cyber-attacks on the up?

Phishing is a highly effective form of cyber-attack in which the cybercriminal attempts to steal sensitive, personal, or lucrative information such as passwords or financial statements. It is usually conducted by way of a highly convincing imitation of a trusted source, company or team member: the victim receives a communication that purports to come from a trustworthy, respected source in an attempt to gain their trust.

“96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites and just 1% via phone.” 

Usually, these phishing emails will ask for something to be provided in the reply, such as personal information. They are often written with authority and a huge sense of urgency to help trick the receiver into sharing the data requested, and many victims are duped. In many cases, however, the email contains several links that it instructs you to click on. Such links often lead to malicious websites.

Here are some examples of phishing emails:

[Image: Microsoft phishing email example]

[Image: PayPal phishing email example]

[Image: NHS Covid phishing email example]

Some Phishing Statistics

“In both May and June of 2021, phishing attacks increased by over 280%.”

“A new report has found that 70% of organizations have seen increased phishing attacks since the pandemic began.  According to Sophos’ Phishing Insights 2021, all sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and health care (73%).”

The statistics demonstrating the rapid increase of phishing attacks are very worrying. Scammers and cyber criminals don’t care what industry their victims are in. They don’t even care what size the company is or what working environment it has; they just want your data.

So why is Phishing so popular?

With the ever-increasing number of employees working remotely and from home, phishing attacks are far more likely to be successful.

If your end-user is using their own equipment for remote working and security updates have not been installed, they are more vulnerable. People feel safer at home too: they’re generally more trusting, and more likely to click on a malicious link that interests them. There’s also the threat from a lack of cyber security protocols while home-working, and specific training or procedures regarding remote working best practices may have been missed due to other priorities throughout Covid. Cyber attackers have been getting increasingly shrewd, using these vulnerabilities and leveraging the panic and uncertainty caused by the pandemic as new ways to hunt their victims. With attacks on the rise, your business and your staff need to be prepared!

What cyber security threats can we expect during 2022?

Phishing via your phone and mobile devices

This trend is predicted to continue to grow throughout 2022. Research has shown that on top of the standard email phishing attack, phishing via mobile is set to increase too. Whether that’s through text message or a phone call is yet to be seen. Many businesses have trained staff for email phishing, but are staff as aware and prepared for a phishing attack that targets their phone?

Attacks will continue to outsmart employees

With cyber criminals becoming more successful, it’s expected that phishing will not only become harder to detect but also harder to deal with. Attackers are continuously taking advantage of real events, using local and global news to exploit any opportunity or vulnerability that would resonate with, concern, or scare victims. With more personal and relevant phishing attacks becoming harder to detect, even emails that appear legitimate should be double, even triple, checked for any signs that they could be a phishing attack.

Spear Phishing

Spear phishing is a method of phishing whereby the criminal targets a specific person or group/team of people within an organisation for their email attack. Usually, these attacks are directed at larger organisations in which smaller, generic emails may get flagged as safe automatically. However, it’s now common to see spear phishing used against companies of any size, as attackers are delivering automated attacks, which enables them to craft assaults on a larger, quicker, and more effective scale.

Practical cyber crime countermeasures

Have the correct software in place

It’s proven that, for businesses to be protected against any form of cyber-attack, including phishing, the right cyber security measures and software need to be in place. Incorporating regularly updated security software to protect your data, staff, and company from the most common forms of cyber-attack must be an absolute basic for any business. Even something as simple as email filtering can be a huge help in detecting phishing emails and preventing them from causing harm to you and your business.

To ensure your business has the right processes, training, systems, software and working practices in place, you need to seek professional guidance. The cyber security needs of every business can differ, but as a rule of thumb, you need to have in place respected, proven and trusted software for filtering and blocking malicious content.

Cyber security training, training & more training

The most important practice to get in place now is training! Implementing regular cyber security training programmes for all your teams and staff is key. With the right provider, this training can be serious, in-depth, and tailored to your teams' needs and your business, supplier and client requirements. Phishing attacks are successful because of human error. If your staff aren’t properly trained, how can they be your best line of defence to protect your business? Ensure that your employees are provided with regular training sessions, and undertake live phishing tests regularly to monitor how many of your staff would take the bait and put you at risk of a phishing attack.

It’s your responsibility to ensure that your teams have the knowledge and training to protect your business. It’s important that you create an environment in which staff members are comfortable in recognising and reporting a potential phishing attack. Your staff may be your strongest asset, but without proper training on how to recognise and deal with phishing attacks, they could also be your weakest link.

If you’d like some help or advice regarding phishing training or cyber security solutions, do get in touch. At Sweethaven we have our own highly proficient cyber security specialists. We’re more than happy to advise and have solutions that will effectively train and test your teams. Book your free Cyber Security Consultation now, and as part of the consultation, we can discuss phishing training methods, phishing tests and much more. Why not get in touch with one of our cyber security experts?


Sources:

Login Radius, Tessian, Unity IT, IT Pro
