7 September 2022
Phishing Attacks: How they work & the steps you can take to overcome them

New research shows that phishing attacks remain a significant cyber security issue for organisations and consumers alike. Cyber attackers are as adept as ever and continue to use tactics and lures that resonate with their targets, baiting them into handing over sensitive information, passwords and more.
1. What is phishing & how big is the problem?
According to Proofpoint’s 2022 ‘State of the Phish’ report, 86% of organisations have received a phishing attack in the last 12 months, up from 77% in 2021.
Phishing is a type of social engineering attack in which a malicious individual uses convincingly crafted yet devious emails, instant messages or text messages to prompt action from their targets, tricking unsuspecting victims into sharing confidential information such as passwords, account details and financial information. The recipient is directed to click malicious links, which can lead to the installation of malware, the disclosure of sensitive information or the freezing of their system as part of a ransomware attack.
2. Spotting a phishing email
Attackers are always looking for new ways to bait their victims, often using current events as hooks to get them to click on malicious links. For example, this article from ‘Which?’ highlights how, despite Covid-19 restrictions ending, malicious individuals are using a spike in cases of the Omicron variant to send out text messages telling you to order a test through a malicious website.
Although phishing attacks have different targets and methods of delivery, they all share certain characteristics. Common signs of a potential phishing attack are:
Spelling mistakes or out-of-place grammar are a giveaway that the email you have received might not be from a genuine source. These mistakes are often found in the subject line of phishing emails to confuse spam filters but can also be found in the main body of text.
Generic greetings, such as “Dear Customer” & “Dear – your email address”, poor use of English and bad graphics. Also, the sender’s email address is often unnecessarily long rather than a standard name@companyname.co.uk.
3. Educating your team & measuring awareness
Your employees are your greatest resource, but also one of your organisation’s weakest links. Security Awareness Training provides your business with a comprehensive new-school approach that integrates baseline testing using mock attacks, engaging interactive web-based training, and continuous assessment through simulated phishing attacks to help you build a more resilient and secure organisation.
4. How does Security Awareness Training link to a wider security strategy?
Implementing security awareness training to educate your team is a key aspect of a wider security strategy. Alongside training and education, implementing strong perimeter security forms a holistic security strategy which enables your organisation to defend against the majority of incoming threats.
However, it is no longer enough to focus all your security efforts on keeping threats out. Successful cyber breaches are now a case of ‘when’, not ‘if’, and a robust backup strategy can be instrumental in helping you recover, ensuring you have access to a clean copy of your data which you can restore.
If you think your organisation has been the victim of a phishing attack, or you would like advice on protecting your organisation against cyber threats, please get in touch to speak to one of our specialists. Alternatively, existing customers can contact their designated Account Manager.