Whether you are an employer that stores proprietary data or an individual with financial and personal information online, you are at risk from cyber-attackers, whose methods continue to evolve daily.

Their techniques include malware, ransomware and distributed denial-of-service attacks, but the most common and difficult-to-spot is Phishing.

What is Phishing?

This attack is a simple one that requires minimal technical know-how and can be deployed from anywhere in the world via a standard email into your inbox.

Phishing is used by attackers to obtain a target's personal information for financial gain: they send a scam email that pretends to come from a trusted company or person and asks the target to provide their sensitive information.

They use fraudulent emails and websites designed to look legitimate in order to trick individuals and gain account passwords and details.

Phishing exploits human error and misjudgement, unlike traditional cyber-attacks, which aim to target digital defences and firewalls.

The Phishing message will likely include alarming or suggestive language to fool victims into:

Doing any of the above can infect a computer and lead to sensitive information being stolen.

Research has revealed that almost 40% of UK organisations experience a phishing attack every year. Even huge companies such as Facebook or Google can be successfully scammed, with the tech giants phished for over £76 million each in 2017.

Spear Phishing

Typically, in a traditional phishing attack, a scammer will send the fraudulent email to as many people as possible. Although these attacks are effective, their broad nature can make them easy for a trained eye to spot. Spear Phishing attacks are a lot more targeted and sophisticated and can be a lot more convincing.

With Spear Phishing the scammer narrows the scale of who they target with fraudulent emails. The cyber-criminal uses research into the individual’s online activity and profile to make more personalised bait.

Although the criminal targets a smaller group of people, their highly customised attacks are far more likely to succeed as an individual is a lot more likely to believe it is legitimate.

Phishing vs. Spear Phishing

Example of a Phishing email:

Dear Customer,

Our records indicate that your billing information is out of date. To avoid late charges on your account, please update your information at this link.

Thank you,

Apple Customer Services


Example of a Spear Phishing email:

John – I need an iTunes gift card as a present for a client, can you get some at the store? Let me know to advise denomination to purchase – Thanks!

Joe Gibson

CFO

Honeybeat Inc.

Tele. 5555 555


Spotting an Attack

When trying to identify a Phishing scam, it is best to be over-cautious. Whilst the identification of any fraudulent scam email may be difficult, the following questions should be kept in mind whenever you receive something suspicious in your inbox:

Avoiding scams

Keeping these questions and tips in mind when looking at suspicious emails can prevent you or your company from falling victim to a Phishing scam.
