Everything you need to know about phishing attacks

Over the last 12 months 83% of businesses and 87% of charities in the UK have experienced a phishing attack.

Phishing is a type of fraudulent attack spread through email, text messages or even voicemail attachments. It’s a catch-all term to describe a cyber-attack where a hacker cons you into sharing your personal data.

It’s a popular and effective vector of infection – in UK businesses it is the most prevalent form of cyber-attack.

In this blog we explore the differences between the types of phishing attacks and how to protect against them.

How phishing works

Phishing is used to trick a user into following fraudulent links, clicking on fake websites or sharing confidential information. Malicious software like ransomware can then be distributed through these links to infect your device.

Phishing attacks are launched against all kinds of targets. This could be individuals, groups and businesses – it is totally indiscriminate. The aim of the hackers is to gain access to login information to financial accounts, personal information, or business networks.

These kinds of breaches result in stolen financial information, identity theft or loss of company data. Certain malware groups even look to steal Office 365 credentials to access a business’s environment.

In an organisation that shares files across one network, gaining a user’s confidential information could have devastating consequences. If the attack reaches the organisation’s server, it could be spread to hundreds of employees.

According to the Department for Culture, Media and Sport Cyber Security Breaches Survey 2022, phishing attacks are by far the most common vector of attack in the UK.

Businesses across all sizes and sectors were reportedly targeted but there is a clear prevalence amongst large firms (91%).

Email phishing

319.6 billion emails are exchanged across the globe every day so it must come as no surprise that email remains the largest attack surface for cyber criminals. So much so that 94% of malware is still delivered by email.

Hackers typically register fake domain names that pretend to be legitimate organisations. They then distribute emails en masse to unrelated groups or businesses.

According to Acronis the top-10 most commonly impersonated businesses are:

  • DHL

  • Microsoft

  • Gmail

  • PayPal

  • Twitter

  • Facebook

  • AOL

  • Hotmail

  • Hewlett Packard

  • WeTransfer

These emails usually aren’t targeted and are fairly easy to spot. The domain name will not match the legitimate business they are mimicking and the contents will usually contain spelling mistakes, unusual requests or an urgent call to action.
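The sketch below is an added example, not code from this blog or from Acronis. It checks a raw message for two of the signs described above: a brand named in the sender or subject whose sending domain does not belong to that brand, and an urgent call to action. The brand-to-domain allow-list, the urgency terms and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list (illustrative): brand -> domains it really sends from.
BRAND_DOMAINS = {"dhl": {"dhl.com"}, "microsoft": {"microsoft.com"},
                 "paypal": {"paypal.com"}}
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "account suspended")


def domain_is_legit(domain, legit):
    """True if domain is one of the brand's domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit)


def phishing_indicators(raw_email):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    subject = msg.get("Subject", "")
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Indicator 1: a brand is named, but the sending domain is not that brand's.
    claimed = f"{display} {subject}".lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in claimed and not domain_is_legit(domain, legit):
            findings.append(f"brand-mismatch:{brand}:{domain}")
    # Indicator 2: urgent call to action in the subject or plain-text body.
    body = msg.get_payload()
    text = f"{subject} {body if isinstance(body, str) else ''}".lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append("urgency:" + ",".join(hits))
    return findings


# Constructed sample messages (not real traffic).
SUSPICIOUS = """From: "DHL Express" <tracking@dhl-parcel-update.example>
Subject: Urgent: delivery on hold

Your parcel is held. Confirm your details immediately.
"""
LEGITIMATE = """From: "DHL Express" <noreply@dhl.com>
Subject: Your shipment is on its way

Your parcel has been dispatched.
"""

if __name__ == "__main__":
    for m in (SUSPICIOUS, LEGITIMATE):
        print(phishing_indicators(m))
```

A check like this only flags messages for review; it does not verify that a matching domain was not spoofed, which is what SPF, DKIM and DMARC results are for.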

Spear phishing

Spear phishing is a type of phishing attack where a criminal targets a specific individual or group of victims. This kind of attack is far more targeted than general email phishing and normally more sophisticated.

The cybercriminal normally has some basic information about their targets which allows them to be specific in their attack. Spear phishing attacks tend to be more successful because they utilise personal information about victims which can make it harder to identify the threat.

Whaling

Whaling attacks are even more specific than spear phishing attacks. They target senior, high-profile individuals or groups in a business or organisation.

Just like with spear phishing, hackers attempt to build a strong profile on their victim for maximum effect. They make their attacks completely personalised and are likely to spend considerable time finding information on their target.

These kinds of attacks can be incredibly dangerous as high-level company employees tend to have extensive access to sensitive data and information so a breach could be enormously costly.

How to protect against a phishing attack

From raising staff awareness to cutting-edge email security, there are plenty of ways to protect against phishing attacks.

Phishing attacks are easily preventable if you know what to look for. Encouraging vigilance and education amongst staff should seriously reduce the number of low-level breaches.

Deploying advanced email security solutions can protect your organisation from all spam, phishing, viruses, and ransomware threats. In partnership with Acronis, we can provide Advanced Email Security that offers a multi-layered defence approach. In October 2021 alone the Acronis Cyber Protection Operations Centers blocked 376,000 phishing and malicious URLs.

To hear more about what solutions are available to protect you from a phishing attack contact one of our team today on 01865 594930.

To receive all our latest updates follow us on LinkedIn, Facebook and Twitter.
