
Barracuda – There’s plenty of ‘Phish’ in the Sea

What is ‘Phishing’ and how do I recognise it?

Phishing is a cyber-attack that is disguised within an email or website and is used to change, destroy or steal data. It’s one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and destructive, with techniques becoming increasingly sophisticated and harder to detect. Usually carried out online, the goal of a ‘Phish’ is to trick the recipient with a hook, such as an email, enticing the target into believing that the message they have received is genuine and something they want, for example a request from their bank or a notification from someone in their company. This is normally followed by a link to click on or an attachment to download.

The key to running a phishing scam is creating a convincing replica of a secure website that the target trusts. When you enter your username and password on a fraudulent site, you are effectively giving the scammers full access to your account and login details. To keep you from realising you’ve been scammed, they sometimes pass the credentials along to the real site, so that it looks like you’re logged in normally. Your suspicions may only be raised when you find that your bank account is empty, or that you can’t log into your email and your friends are getting spam from you. Cyber-attacks typically target technology and computer information, with organisations at higher risk than single users. If the security measures in place aren’t strong enough to protect our devices, anyone can become infected.


Top 4 Types of Phishing Attack

Deceptive Phishing

The most common type of phishing scam is deceptive phishing, which refers to any attack where a fraudster impersonates a legitimate company and attempts to steal people’s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into moving swiftly and completing the attackers’ request.

For example, the scammers might send out an attack email for Just Eat, instructing the target to click on a link to rectify a discrepancy with their account. In fact, the link leads to a fake Just Eat login page which collects all the details the user enters and delivers them to the attackers. The success of one of these deceptive phishing emails relies on how realistically and closely the attack email resembles a legitimate company’s usual correspondence.

Spear Phishing

If you think of the traditional image of a fisherman aiming his spear at one specific fish, rather than just casting a baited hook to see who bites, you will see similarities between this and the techniques used by scammers. Spear phishing occurs when attackers create a message or email aimed at a specific individual, customising it with the target’s name, position, company, work phone number and other information to trick the recipient into believing that they have a connection with the sender. They must make the messaging appeal specifically to the target by tempting them with information that seems plausible, as though it is coming, for example, from their co-workers. The spear phisher might pretend to be the victim’s manager requesting a large bank transfer at short notice. The goal is to lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.

Spear-phishing is especially common on social media sites like LinkedIn, where attackers can easily find multiple sources of information to craft a targeted attack email. To protect against this type of scam, companies should invest in solutions that are capable of analysing inbound emails for known malicious links and email attachments.

Smishing and Vishing

The term “vishing” stands for “Voice Phishing” and involves the use of the phone, whilst “smishing” refers to SMS or text messaging. Both attacks have the objective of collecting certain personal information. The hacker calls or texts the victim, pretending to be an operator, support centre or a bank with the intention of helping the victim with an issue they have noticed, for example an unusual transaction from their bank account. The criminal will then ask the victim to provide payment card details to verify their identity or to transfer money into a ‘secure’ account, which is actually the criminal’s own account, without the victim even realising what has happened.

Whaling

Denial of Service happens when a website becomes overloaded with more traffic than it is built to handle. This results in the website preventing users from accessing its content, by shutting down completely. Naturally this can happen for a completely innocent reason, such as a surge of customers taking advantage of a ‘Black Friday Event’. However, nine times out of ten an overload in traffic will have malicious intentions. As a result, an organisation can lose access to its system and become unable to fulfil genuine requests.

Whaling attacks are even more targeted, taking aim at Senior Executives. Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler. Tricks such as fake links and malicious URLs aren’t useful in this instance, as criminals are attempting to imitate staff.

Scams involving fake tax returns are increasingly common. Tax forms are highly valued by criminals as they contain a host of useful information: names, addresses, Social Security numbers and bank account information.

Spotting The Signs

To avoid the embarrassment of giving away your sensitive data to a fraudster, make use of available resources such as password managers and the phishing-detection system in your antivirus. Keep your eyes open: if a page comes with a suspicious-looking link, if there’s no HTTPS lock in the address bar and it looks wrong in any way, don’t touch it! Trust your instincts!

Some top ways of protecting yourself include:

  • Educate yourself and your team about phishing so that everyone understands what it is, how to detect it and how to protect themselves.
  • Always check the authenticity of the link before you click on it. You can do this by hovering over the link, as this will tell you the real address, or copy and paste the link into a search engine.
  • Be wary when opening attachments from senders you don’t know, as these might contain viruses designed to steal personal or financial information.
  • Use AI to build a robust phishing detection system that can keep up with security detection.
  • Enrol in strong two-factor authentication to make it more difficult for phishers to compromise accounts and passwords.
  • Don’t disclose any data if you are unsure, especially through cold calls and emails! It’s easy to panic when you’re on the phone and being told your bank account has had suspicious activity. Phishers often pretend to be someone else, e.g. your bank or HMRC, which leads their target to believe they are talking to someone they can trust and ultimately to hand over key information.
  • Change your passwords – it’s best practice to change them every now and then and not use the same password for multiple accounts. If a hacker gets into one, they can get into others!
  • Be vigilant! If an email is badly worded or littered with spelling mistakes, it’s probably a scam. Legitimate companies will spend time crafting emails they send and they’re likely to proof-read them too, so bad grammar and dodgy spelling are likely to be picked up beforehand.


Call 01908 760 940 or Email sales@nexusfusion.co.uk
Nexus Fusion Ltd | Head Office Unit 2-3 Avant Business Centre, First Avenue, Bletchley, Milton Keynes MK1 1DL