
Phishing – How to Avoid Being Caught Hook, Link and Sinker

Rachael Simpson


Today, no one is immune to the underhanded tactics of cybercriminals – your passwords, phone numbers, and credit card details can become their prey through ‘phishing’. In this article, we talk to our CEO Paul Hague, and CTO Mark O’Neill, discussing how these ‘digital bandits’ excel in masquerading as authentic sources, promising you something you need or desire…


What is ‘Phishing’?

Phishing is a type of cyber attack where cybercriminals impersonate legitimate organisations, often through email, to deceive individuals into providing sensitive data, such as usernames, passwords, and credit card numbers. The goal of phishing is usually to gain unauthorised access to systems or to commit financial fraud.

Key characteristics include:

  • Deceptive emails that appear to come from trusted sources, such as banks, popular websites, or even internal company departments.
  • Threatening language that creates a sense of urgency and pressure to ‘take immediate action’ or ‘act quickly’.
  • Links or attachments that don’t look quite right: the links lead to fake websites that collect your credentials, and the attachments infect your computer with malware.

 

Let’s debunk the myth: phishing isn’t always easy to detect

“These schemes cunningly use compelling visuals and persuasive narratives that can make you second guess your instincts,” begins Paul. “Therefore, you can never underestimate the importance of vigilance when it comes to divulging sensitive information”.

Whilst it may feel like some time ago, the Covid-19 pandemic is a good example. An APWG report laid bare the stark reality of escalating phishing threats: Q1 of 2020 witnessed a staggering peak in phishing activity, unmatched since March 2016. The ominous count? Over 60,000 phishing sites were discovered in March that year alone. Add to that ProPrivacy’s revelation that a significant 25% of COVID-related websites were marked as suspicious, pointing towards increasingly targeted and realistic phishing scams.

Hence, staying informed about the variety of phishing techniques is key to keeping your guard up, emphasises Mark: “Spear phishing, for instance, is a highly personalised social engineering attack where the cyber villain assumes the persona of a trusted authority. Whaling or CEO fraud, on the other hand, zooms in on high-ranking personnel, with the hacker masquerading as a top-tier company executive.”

So, how can you fortify your home or your business against such threats?

“Begin by scrutinising any suspicious emails or text messages”, says Paul – particularly those seeking payment information. “Warning signals might include messages about unexpected account activity, issues with your credit card, or too-good-to-be-true discount codes”.

The rule of thumb here? Pause, ponder, then proceed.

Mark adds, “Leverage the benefits of two-factor authentication, which places an additional hurdle in the hacker’s path, disrupting their access to your complete login process”. A password manager can further bolster your defence, keeping your passwords and other critical data shielded.

“Creating a cyber-aware workforce is a key deterrent against phishing attacks,” Mark continues. “Ensure your team stays ahead of the curve with the latest malware and security advancements. Encourage them to scrutinise URLs to verify their legitimacy and to be alert to the HTTPS (secure) versus HTTP (non-secure) distinction in web addresses.”
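The URL scrutiny described above can be partly automated before a link ever reaches a reader. The following is an added example, not part of the original article: the domain `examplebank.test`, the allowlist and the sample links are constructed, and the flag names are hypothetical. It treats HTTPS as necessary but not as proof of legitimacy, since a phishing site can serve HTTPS too.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation actually uses.
TRUSTED = {"examplebank.test"}

def triage_url(url, trusted_domains):
    """Return warning flags for a link; an empty list means no check fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # Text before '@' is login data, not the destination host.
        flags.append("userinfo")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-host")  # raw IP address instead of a named site
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode")  # encoded non-ASCII label, may hide a lookalike
    trusted = any(host == d or host.endswith("." + d) for d in trusted_domains)
    if not trusted:
        flags.append("untrusted-host")
        if any(d in host for d in trusted_domains):
            # A trusted name appears in the host, but not as the real domain.
            flags.append("embeds-trusted-name")
    return flags

# Constructed sample links (reserved .test/.example names, documentation IP).
SAMPLES = [
    "https://login.examplebank.test/account",
    "http://examplebank.test/login",
    "https://examplebank.test.secure-update.example/login",
    "https://examplebank.test@203.0.113.7/login",
    "https://xn--bcher-kva.test/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_url(sample, TRUSTED) or "no flags")
```

An empty result only means none of these checks fired; it is a triage aid for mail filtering or reporting workflows, not a verdict that the link is safe.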

Ultimately, the best defence against phishing is an advanced offence

“Staying informed and proactive is your strongest defence.”

Paul Hague

Equip yourself with a leading-edge cyber-defence solution that evolves with emerging threats and industry trends. To understand how to fortify your business against phishing threats and boost your cybersecurity game, talk to us about how we can protect your business from phishing scandals and increase your cyber-security.