Email Phishing ATS Connection

How to identify a scam email?

The biggest cyber crime floating around is email scamming. Have you received something suspicious? This article will help you identify if it is real or not.

Do you ever look at an email and think twice about its authenticity?

Well, you're definitely not being paranoid. These emails are known as phishing emails, which the recent 2021 government survey identified as the most common form of attack on businesses and individuals.

What is a phish?

Phishing is when cyber criminals impersonate companies or "Persons of Authority", such as a bank or government agency, to mislead users into revealing information, making payments or downloading malicious software, usually through emails. Recently phishing scammers have branched out into mobile messages, so this blog concerns both email and mobile.

The main types of Phishing 

Mass scale – This is the most common of phishing scams because it's so easy for cyber criminals to do. They send a generic email that could relate to anyone to hundreds or even thousands of people at once. This method relies on the chance that one or two people fall for the scam.

Spear Phishing – This method is much more direct, focused on an individual or group of individuals. It is much harder for the victim to identify, as the cyber criminals will have knowledge of your personal details from other sources, making the scam that much more believable.

Whaling – A version of spear Phishing which targets a high value member within an organisation such as directors.

The impact Phishing causes

Depending on the attack the damage could be severe towards an individual or business. 

For individuals most phishing scams will try to gain personal information which can then be related to further issues such as identity theft. 

Companies can suffer massive loss of revenue on top of hefty fines if they were to suffer a phishing scam that affected customers. Phishing can affect companies in many ways, usually by diverting time that then has to be prioritised for fixing the issue.

However, if a phishing scam entered the company's system and leaked private information about clients, then the company could face a fine of up to £17.8 million or 4% of global revenue if the digital security of the company did not meet UK GDPR guidelines during an investigation.

Another big phishing impact would be to get you to install something onto your computer. If you didn't know, downloading links from people you don't know is usually a bad idea, but if it were from a phishing scammer you could be installing anything onto your computer: malware, remote monitoring and control software, viruses and others. This can then result in data loss and your system being held for ransom.

Anyone is a target

Phishing can affect even the most technologically and financially advanced businesses. A false invoice phishing attack impersonating one of Facebook’s main Asian-based suppliers cost the company $100 million between 2013 and 2015. Crelan Bank in Belgium lost $75.8 million in a CEO fraud scheme that was only discovered through an internal audit.

The criminals responsible are yet to be found.

How can I recognise phishing scams myself?

An infected attachment is a document that appears to be normal however conceals malware. It is recommended that you never open an attachment unless you are certain the message is from a legitimate source. The validity of the download will be flagged by your anti-malware programme if you have one. If this is the case, don’t go any farther.

Look at the email address.

Many people don't look at email addresses; we cut straight to the content. Phishing scammers have found ways of displaying names that don't correlate with the email address. This disguises the true origin of the email.

Genuine emails will have organisation names in the domains such as @paypal.com and @barclays.com. If they look any different then you should ignore the message and block the domain.

Another sign is a domain misspelt in a way that is indistinguishable from the one being impersonated. Creating a domain extremely similar to a company's is called typosquatting. 'Google' could be changed to 'Yoogle' or 'Voogle' in the hope that you wouldn't notice the difference. This works because our brains are able to correct spellings without us even knowing, which is also why we can read jumbled letters if placed correctly.
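The two checks described above (a display name that does not match the sending domain, and a domain that is a near-miss of a genuine one) can be automated. The following is an added example, not part of the original article; the `TRUSTED` list, the edit-distance threshold of 2 and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list for this example: brand -> genuine sending domain.
TRUSTED = {"paypal": "paypal.com", "barclays": "barclays.com", "google": "google.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(addr):
    """Last two labels of the sender's host (naive: ignores suffixes such as co.uk)."""
    host = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def check_from(header):
    """Return a list of findings for one From: header value."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = registered_domain(addr)
    findings = []
    for brand, good in TRUSTED.items():
        if domain == good:
            continue  # genuine domain for this brand
        if brand in name.lower():
            findings.append(f"display name mentions {brand} but domain is {domain}")
        if edit_distance(domain, good) <= 2:  # threshold is an assumption
            findings.append(f"{domain} is a lookalike of {good}")
    return findings

if __name__ == "__main__":
    samples = [  # constructed From: headers
        '"PayPal Support" <service@paypal.com>',
        '"PayPal Support" <alerts@secure-mail.example>',
        "Google Accounts <no-reply@yoogle.com>",
    ]
    for s in samples:
        print(s, "->", check_from(s) or "no findings")
```

A small threshold like this can misfire on very short domain names, so findings are best treated as prompts for a closer look rather than verdicts.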

Messages require immediate action.

The longer you think about it, the more likely you are to notice something is amiss. The attackers are well aware of this. As a result, they use strategies to convince you to act now rather than later. PayPal, Windows, and Netflix are examples of frequently used services that are vital to the majority of people. As a result, they make great bait because you'll want to deal with them right away.

The solution

Although very serious, these are very easily solvable problems:

  1. Educate yourself and your employees. Noticing phishing emails today is crucial and can save you a lot of time and money. Spam filters will never be 100% effective, so everyone is responsible for protecting their email and their organisation. Spending some money on training your employees is much cheaper than the losses that you could suffer from phishing scams.
  2. Identify scams and report them to others. This gets the word out about emails to ignore.
  3. If you were to receive anything immediate from your bank or government which you don’t recognise then you should contact them directly (over the phone preferably).
  4. Use the knowledge within this blog to help you better understand how phishing scammers operate.

We hope that this blog helped you in some way. If you think that you have fallen victim to a phishing scam we may be able to assist you or point you in the right direction to recovery.

Please feel free to contact us at any time:

Phone: 01903 357002

Email: contact@atsconnection.co.uk
