Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

What is Phishing?

Written by  Aug 15, 2019

Like actual fishing, it’s no fun to be on the end of the hook. Phishing is defined as the fraudulent use of electronic communications to deceive and take advantage of users.

Phishing attacks attempt to gain sensitive, confidential information such as usernames, passwords, credit card information, network credentials, and more. By posing as a legitimate individual or institution via phone or email, cyber attackers use social engineering to manipulate victims into performing specific actions—like clicking on a malicious link or attachment—or willfully divulging confidential information.

Both individuals and companies are at risk; almost any kind of personal or company data can be valuable to the unscrupulous, whether it be to commit fraud or access a companies network. In addition, some phishing scams can target business data in order to support espionage efforts or spying on competitors.

Phishing Methods

Phishing attempts normally start with an email attempting to obtain sensitive information through some user interaction, such as clicking on a malicious link or downloading an infected attachment.

A good rule of thumb to avoid such scams is to consider the old adage of, “it’s too good to be true,” and to never click on links within emails. When it comes to attachments, asking colleagues to distribute them over file sharing platforms is safer and less susceptible to manipulation than emails which can easily be spoofed to look like they come from somewhere legitimate.

Using covert redirection, attackers are also capable of corrupting legitimate websites with malicious pop-up dialogue boxes that redirect users to a phishing website.

Infected attachments, such as .exe files, Microsoft Office files, and PDF documents can install ransomware or other malware.

Phishing scams can also employ phone calls, text messages, and social media tools to fool victims into providing sensitive information.

Social Engineering: The Science of Human Hackingamazon uk

Phishing Attack Types

Some specific types of phishing scams use more targeted methods to attack certain individuals or businesses.

Spear Fishing

Spear phishing email messages are targeted attacks and not at all random. Attackers will often gather information about their targets to fill emails with more authentic context. Some attackers even hijack business email communications and create highly customised messages.

Clone Phishing

Attackers are able to view legitimate, previously delivered email messages, make a nearly perfect clone copy of it and then change an attachment or link to something malicious.

whaling

Whaling

Whaling specifically targets high level users in a company, such as senior managers or directors. The content of a whaling attempt will often present as a legal communication or other high-level related content.

How to Prevent Phishing Attacks

It is important that you should educate employees to prevent phishing attacks, particularly how to recognise suspicious emails, links, and attachments. Cyber attackers are always refining their techniques, so continued education is essential.

What to look for in a typical phishing email:

‘Too good to be true’ offers
Strangely spelt sender names
Poor spelling and grammar
Threats of account shutdown, etc., particularly conveying a sense of urgency
Links, especially when the destination URL is different than it appears in the email content
Unexpected attachments, especially .exe files

It would be advisable to say that if anybody receives an email that they are at all suspicious about, should contact the IT department who can check the validity of the sender, the website links or any attachments.

Phishing is still a very popular cyber attacking method and can make the unscrupulous sender a large of money. Now we don't want that do we.

1 comment

  • Callum P
    Comment Link Callum P Sunday, 27 October 2019 12:10

    Excellent well written article, I look forward to reading more articles on your blog

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular News

May 06, 2020 IT Security News

Popular VPNs Exposed Users to Attacks

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

May 19, 2020 IT Security News

EasyJet data breach: Over 9 million customers affected

The personal data of over 9 million EasyJet customers has been infiltrated by hackers, including over 2,000 users' credi...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 11, 2020 Cloud Security News

Tips to help secure your cloud data in the UK

In this digital age, it’s not a great idea to trust someone with your sensitive data. ...

Apr 01, 2020 IT Security News

Online privacy is all but gone, say Brits

Nearly 80% of UK consumers believe they have lost any real control over how their personal data is collected and used by...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Apr 10, 2020 IT Security News

The importance of security for UK office printers

When it comes to digital security, we tend not to think about printers as they are often seen as dumb devices with a few...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 20, 2020 IT Security News

To VPN or not to VPN for business users

It’s a question many organisations are asking as they work to provide secure and reliable remote access at scale. ...

May 14, 2020 IT Security News

Windows 10 is getting DNS over HTTPS (DoH) support

DNS is one of the last protocols that still runs unencrypted on the Internet. ...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

Apr 11, 2020 IT Security News

Tips for testing an IT security experts worth in the UK

There is no shortage of people presenting themselves as security experts. Some of them truly are, the others may or may ...

May 28, 2020 IT Security News

UK virus apps highlights tension between privacy and need for data

As more UK and European governments turn to tracing apps in the fight against the coronavirus, a deep-rooted tension bet...

Apr 22, 2020 IT Security News

Kaspersky shares 10 security and privacy tips when using Zoom

The recommendations from Kaspersky come following recent concerns regarding Zoom's security and privacy. ...

Advertisement
Symantec Home 120x60

Advertisement