Phishing is a type of social engineering which involves sending a fraudulent message (generally an email, but potentially also a text, website, advert or phone call) designed to trick individuals into revealing sensitive information and/or data, or to deploy malicious software on the victim's infrastructure.
Over half of adults admit to having been targeted in a phishing scam and recent macroeconomic events such as the Covid-19 pandemic and cost of living crisis have only exacerbated the situation. But what exactly is ‘phishing’, how do you recognise it, and what’s the best way to avoid being caught out?
What is 'phishing'?
Why should businesses be aware of phishing?
Organisations of any size can be targeted by a phishing attack. If carried out successfully, phishing can have severe consequences for a business, including:
- business disruption, with systems disabled and staff unable to work
- loss of intellectual property and data
- reputational damage
- a drop in company value, with diminished investor confidence
- regulatory fines and financial penalties where data privacy laws have been compromised.
Of all the types of breaches and attacks reported by organisations, the most common by far is phishing.
(Cyber Security Breaches Survey 2022)
How to recognise a phishing scam
Cyber criminals are using increasingly sophisticated methods to deploy phishing attacks. When on the alert for phishing attempts, any of the following can be a warning sign:
- a 'dodgy' or unrecognisable looking domain name
- a claim of authority (e.g. posing as a solicitor or government department)
- poor spelling or grammar
- suspicious attachments or links
- a sense of urgency (being given a limited time to respond)
- a request for sensitive information
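The checklist above can also be applied mechanically to incoming mail. The following is an added example, not code from the original article: it parses one message and reports which of the listed warning signs it shows. The phrase lists, the `phishing_flags` function, the `.example` domains and the sample messages are all constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed phrase lists for the checklist indicators (assumptions, not a vendor feed).
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|act now|will be suspended)\b", re.I)
SENSITIVE = re.compile(r"\b(password|card number|cvv|bank details|national insurance)\b", re.I)
AUTHORITY = re.compile(r"\b(solicitor|government|tax office|court)\b", re.I)
RISKY_ATTACHMENT = (".exe", ".js", ".scr", ".iso", ".docm", ".html")
LINK_HOST = re.compile(r"https?://([^/\s]+)", re.I)


def sender_domain(msg):
    """Domain part of the From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()


def phishing_flags(raw_email, trusted_domains):
    """Return the checklist indicators found in one RFC 822 message, sorted."""
    msg = message_from_string(raw_email)
    flags = set()
    domain = sender_domain(msg)
    # Lookalike domain: contains a trusted brand name but is not the trusted domain itself.
    brands = [d.split(".")[0] for d in trusted_domains]
    if domain not in trusted_domains and any(b in domain for b in brands):
        flags.add("lookalike-domain")
    body = ""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_ATTACHMENT):
            flags.add("suspicious-attachment")
        if part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    # Links that point somewhere other than the sender's own domain.
    if any(not h.lower().endswith(domain) for h in LINK_HOST.findall(body)):
        flags.add("suspicious-link")
    if URGENCY.search(body):
        flags.add("urgency")
    if SENSITIVE.search(body):
        flags.add("sensitive-request")
    if AUTHORITY.search(body):
        flags.add("claim-of-authority")
    return sorted(flags)


# Constructed sample messages; acmebank.example is a fictional trusted domain.
PHISH = """\
From: Acme Bank Security <alerts@acmebank-secure.example>
To: staff@example.com
Subject: Urgent: account verification
Content-Type: text/plain

A government agency has instructed Acme Bank to verify your account. Please act now
and confirm your password within 24 hours at http://login.acmebank-verify.example/verify
or your account will be suspended.
"""
```

Run `phishing_flags(PHISH, {"acmebank.example"})` to see every indicator on the checklist except the attachment one fire for the sample; a genuine statement notice from `alerts@acmebank.example` linking to its own domain returns an empty list.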