Tackling the Phishing Problem

Phishing is a form of social engineering, whereby fraudulent communication (usually email) appears to be from a trusted source. It deceives people into divulging sensitive information or enabling malware to be installed.

The Frequency of Phishing

Phishing threatens companies because employees may open malicious links and emails. In fact, research shows that this is the most common type of cyber threat facing UK businesses. In 2022 phishing formed 83% of attacks, up from 77% in 2021. This year three million data records are expected to be compromised due to phishing attacks.

According to IBM, the sectors most targeted in 2022 were:

• Financial – 23.6%
• Software-as-a-Service – 20.5%
• E-commerce – 14.6%
• Social media – 12.5%
• Cryptocurrency – 6.6%
• Payment – 5%
• Logistics – 3.8%

6 Types of Phishing Attack

1. Bulk phishing – sending a high volume of untargeted emails.
2. Social media phishing – fake accounts posting malicious links or data requests (surveys, for example).
3. Spear phishing – identifying and targeting a specific person or business.
4. Smishing – attacks via text messages.
5. Vishing – attacks via phone or VOIP.
6. Whaling – specific targeting of company executives.

Phishing Solutions

It’s important to appreciate that 95% of cybersecurity breaches are caused by human error. 12% of users who open a phishing email click the harmful link. Therefore, reducing human cyber risk is essential.

“Regular security awareness training and support help employees to identify, avoid and report phishing attacks,” advises Eric Hughes of EMH Technology.

6 solutions to help protect your business from phishing attacks are:

1. Team Awareness. Keeping employees up to date regarding the nature of recent scams and malware, plus best practises regarding unknown sources. Some companies send fake emails to monitor how many employees open fake emails and click on unknown links. Phishing emails often contain:

• grammatical errors,
• scare tactics, and/or
• dangerous attachments.

Cyber Essentials is a UK government-backed scheme that sets out the minimum requirements for cyber security in organisations. Discover how to achieve Cyber Essentials accreditation quickly and easily.

2. URL Detection. Spending time checking links, especially if they have been shortened, is important. Copying the address and putting it into a search engine will offer details about the company supposedly behind the email. Also, the URL should be secure, starting with HTTPS (the ‘S’ showing that the website is secure).

3. Firewall Installation. A firewall protects your devices against malicious software infecting your computer. It must be maintained to ensure it offers the latest security.

4. Multi-Factor Authentication (MFA). This should be adopted for all email logins, ensuring that two devices or layers of information are needed to access accounts.

5. Anti-Virus Solutions and Spam Filters. These add an extra layer of protection and an email filter respectively.

6. Good Password Management. Choosing passwords wisely and updating them regularly is key to cybersecurity. See our top tips for managing passwords safely.

Are you concerned about cyber attacks against your business?

Would you like to discuss how your organisation can be proactive to combat phishing and other cyber attacks?

Let’s talk! An initial discussion is without cost or obligation … or tech jargon. We’ll explore the options in plain English.