- Phishing attacks form at least half of the total cyberattacks in the UK, making it essential that you’re aware of what they are – and how to prevent them.
- In this article, we’ll outline 5 of the most common phishing attacks in the UK, including spear phishing, whaling, angler phishing, smishing, and vishing.
It’ll come as no surprise that cyberattacks are commonplace in the UK.
But, despite what Hollywood movies would have you believe, the bulk of these aren’t carried out by a team of elite hackers. Instead, 55% of UK cyberattacks now involve phishing attempts. That means that, for the most part, attackers are trying to steal employees’ credentials, or simply trick employees into handing them over willingly, rather than brute-forcing their way in.
So, as a UK business, what do you need to know and how do you prevent becoming a victim?
Well, knowledge is power, so let’s look at the 5 most common phishing attacks in the UK – and how to avoid them.
“Spear phishing” might sound like an afternoon activity for a caveman, but the reality is something quite different.
Unlike conventional phishing, which targets a large volume of users with a fairly transparent attempt at stealing credentials and passwords, spear phishing is a much more targeted effort. In many cases, the attackers will create an email which is almost indistinguishable from a genuine one, even going so far as to use an email address in the “From” field which resembles the real one – at least at a glance.
Spear phishing is designed to trick users into clicking a link and willingly giving away their login credentials. To mitigate this, your company could create filters which tag incoming emails as external so that internal users know if someone’s trying to fool them. Alternatively, you could hold awareness training with your team or, to be really sure, you could even do “phish testing”. This is where you send a dummy phishing email to test your team’s response and educate accordingly.
“Whaling” is a cyberattack which is gaining some traction, especially in larger organisations whose teams are spread across the world.
Whaling cyberattacks work by sending emails to a company which appear to be sent from an executive or other important member of the business. Naturally, most employees would open such an email, and may inadvertently give away business-critical files, like payroll information.
To avoid whaling attacks, employee education is essential. Along with tech solutions like tagging external emails, teaching your team how to distinguish a real internal email from a fraudulent one could genuinely save you millions.
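The “tag external email” control mentioned for spear phishing and whaling above can be sketched in a few lines. This is an added example, not code from the article or from Get Support: it parses the From header, tags anything outside the company’s own domains, and additionally flags a lookalike domain or a display name borrowed from a known colleague. The domains, the directory entry and the sample message are all constructed for the example.

```python
"""Flag external, lookalike-domain and name-impersonation senders."""
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed for this example): the company's own mail domains
# and a small directory of people whose names attackers are likely to borrow.
INTERNAL_DOMAINS = {"example.co.uk"}
DIRECTORY = {"jane doe": "jane.doe@example.co.uk"}  # display name -> real address


def sender_flags(from_header):
    """Return a list of risk flags derived from a From: header value."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if domain in INTERNAL_DOMAINS:
        return []                         # genuinely internal, nothing to tag
    flags = ["external"]
    # A domain that is almost, but not quite, one of ours (examp1e.co.uk).
    for own in INTERNAL_DOMAINS:
        if difflib.SequenceMatcher(None, domain, own).ratio() >= 0.85:
            flags.append("lookalike-domain")
            break
    # A display name borrowed from a known colleague on a foreign address.
    real = DIRECTORY.get(display.strip().lower())
    if real and real != addr:
        flags.append("impersonation")
    return flags


def tag_message(raw_message):
    """Prepend a visible marker to the Subject and record the flags in a header.

    Returns (flags, new_subject) so a downstream rule can quarantine hits.
    """
    msg = message_from_string(raw_message)
    flags = sender_flags(msg.get("From", ""))
    subject = msg.get("Subject", "")
    if "impersonation" in flags or "lookalike-domain" in flags:
        subject = "[SUSPECTED PHISHING] " + subject
    elif "external" in flags:
        subject = "[EXTERNAL] " + subject
    del msg["Subject"]
    msg["Subject"] = subject
    msg["X-Phish-Flags"] = ",".join(flags) or "none"
    return flags, subject


# Constructed sample: a whaling attempt posing as a director on a lookalike domain.
SAMPLE = """From: Jane Doe <jane.doe@examp1e.co.uk>
To: payroll@example.co.uk
Subject: Urgent: send this month's payroll file

Can you send the payroll spreadsheet today? I'm travelling.
"""
```

Running `tag_message(SAMPLE)` yields the flags `external`, `lookalike-domain` and `impersonation` and a subject beginning `[SUSPECTED PHISHING]`, while mail from a genuine internal address gets no tag at all.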
With the huge rise in the popularity of social media, it’s no surprise that cyber-attackers are taking full advantage.
The “angler phishing” attack takes place on social media platforms like Facebook and Twitter, and relies on the open nature of these platforms. Here’s how it works: the attackers monitor social feeds and wait for someone to @tag a particular company with a complaint or question about their account. From there, attackers can use a fake social media account to pose as the company’s customer support team. A quick response and a few DMs later and you can see how some people might willingly hand over their passwords and other sensitive data.
As a business, you can avoid having an angler phishing attack posing as yourself by ensuring your genuine social profiles are well-advertised on your website and email signatures. Beyond that, you can also report any accounts which are posing as you to the social platforms – before they become a threat.
Mobile phones have quickly become part of the online security ecosystem, especially with the rise of measures like Multi-Factor Authentication. But mobile phones aren’t immune to cyberattacks, as the “smishing” attack proves.
At its most basic level, smishing refers to any phishing attack which uses SMS text messaging as its vector. Because text messages tend to be more personal and targeted, smishing attacks can be very effective, especially if they’re sophisticated enough to spoof the sender’s phone number so the message appears to come from a trusted source.
To avoid your team falling victim to smishing attacks, it’s always worth double-checking the source of the text before responding.
“Vishing” (or voice phishing) is another form of telephone-based phishing, only this time it refers specifically to a phone call.
Attackers will phone the user and pose as an employee of another company, often a bank, to attempt to pilfer sensitive information like PINs, passwords, or even the codes for bank card readers.
Luckily, vishing is quite easy to avoid from a B2B perspective, as most banks won’t ever ask you for these personal details over the phone. If in doubt, just hang up the phone, find the bank’s legitimate phone number from their website, and call them back. Doing this can quickly reveal a scam if someone’s trying to catch you out.
Want a cyber-security check-up? Our IT support team is here to help
With so many potential phishing attacks out there, you’ll want to be certain that your IT security is up to scratch.
At Get Support, we’ve spent decades assisting UK businesses with security hardening and prevention of cyberattacks – so we’re the right IT support company for the job.
For a free IT health check, just give our team a call today on 01865 59 4000 and we’ll help you better understand how to prevent the worst from happening to your business.