INSIGHT: What Is Phishing

Phishing is a type of cyber attack that involves an attacker attempting to trick victims into revealing
valuable financial or personal information. Through various methods such as sending emails, text
messages, or even pop-up windows, attackers can convince someone to enter their sensitive
details into a malicious website. It is important for individuals to understand what phishing is in order
to protect themselves against this increasingly common form of cybercrime.

How Does Phishing Work?

At its core, phishing works by disguising malicious activities as if they were coming from a trusted
source. For example, the attacker may send an email that appears to be from a bank or other
legitimate business, asking the recipient to provide login credentials or other sensitive information.
In some cases, the email may also contain malicious attachments or links that download malware
onto the victim’s computer system.

Types of Phishing Attacks

There are several types of phishing attacks that attackers employ to try to gain access to target
systems or networks. Some of these include: spear phishing, which targets specific individuals;
whaling, which targets high-level executives; and ransomware attacks, which install malware on
target systems and then demand payment for restoring access.

Signs of a Phishing Attempt

When it comes to identifying potential phishing attempts before they can do any harm, there are
certain signs and indicators people should look out for. Generally speaking, emails that come from
unrecognized senders and contain suspicious content are likely phishing attempts. Suspicious emails
may have poor grammar and spelling errors as well as odd requests for personal data or money
transfers. They can also contain misleading URLs in links or attachments with suspicious file
extensions like .exe files.

UK Statistics on Phishing attacks

  • Of the 39% of UK businesses who identified an attack, the most common threat vector was
    phishing attempts (83%) (Source: NCSC Survey 2022)
  • Those aged 25 to 44 years are most likely to be targeted by phishing (Source: TCSEW)
  • Of those who reply to or click on a link in a phishing message, more than a third (35%) do so for
    financial or material gain, and 30% to pay an invoice or bill (Source: TCSEW)
  • More than half (54%) of those who receive phishing messages say the sender had been posing
    as a delivery company, based on the trend for fraudsters to take advantage of the rise of online
    shopping and homeworking (Source: TCSEW)
  • A third (32%) received messages apparently from their bank or building society, and a quarter
    (25%) from government services (Source: TCSEW)
  • LinkedIn was the most impersonated brand in phishing attacks recorded in 2022 (52%) (Source:
    USecure)
  • Following LinkedIn were DHL (14%), Google (7%), Microsoft (6%), FedEx (6%), WhatsApp
    (4%), Amazon (2%), Maersk (1%), AliExpress (0.8%) and Apple (0.8%) (Source: USecure)

Defending Against Phishers

Fortunately, there are steps you can take to minimize your chances of falling victim to a
phishing attack. As previously mentioned, being aware of common signs such as poor grammar and
suspicious requests can go a long way towards spotting scams before they occur. Additionally,
using anti-virus software on your devices is always recommended in order to detect any malicious
software that may have been installed without your knowledge. It’s also important not to open any
suspicious emails and instead delete them immediately without clicking on any links or downloading
any attachments contained within them, which could give attackers access to your system or data
without your knowledge and consent. Finally, refrain from responding directly to any type of email
request for personal information such as passwords; instead, contact the sender directly through
another means (such as telephone) if you feel the request may be genuine after carrying out due
diligence checks first.

Other Tips To Stay Protected From Phishers

In addition to understanding what phishing is and how it works, there are other ways you can stay
ahead when it comes to protecting yourself online. Firstly, set up two-factor authentication (2FA)
wherever possible; this will help make sure hackers cannot get into your accounts even if they
somehow manage to compromise one password. Secondly, use different passwords across different
sites so that even if one account becomes compromised the others should remain safe by default.
Finally, never share sensitive information with strangers, even over seemingly secure mediums like
instant messaging platforms. Doing this might seem harmless, but it can easily lead to attackers having
access to personal data like bank account numbers and credit card numbers.
