Spotting something 'phishy' - keeping businesses safe

FOR INTERMEDIARIES ONLY

Spotting something 'phishy' - keeping
businesses safe

Posted: 09 January 2023

Over half of adults admit to having been targeted in a phishing scam¹ and recent macroeconomic events such as the Covid-19 pandemic and cost of living crisis have only exacerbated the situation. But what exactly is ‘phishing’, how do you recognise it, and what’s the best way to avoid being caught out?

What is 'phishing'?

Phishing is a type of social engineering which involves sending a fraudulent message (generally an email but potentially also a text, website, advert or phone call) designed to trick individuals into revealing sensitive information and/ or data, or to deploy malicious software on the victim’s infrastructure.

It’s not just individuals who can fall victim to phishing; according to government data, phishing attacks on businesses have risen from 72% to 83% in the last 12 months.²

Why should businesses be aware of phishing?

Organisations of any size can be targeted by a phishing attack. If carried out successfully, phishing can have severe consequences for a business, including:

business disruption, with systems disabled and staff unable to work
loss of intellectual property and data
reputational damage
a drop in company value, with diminished investor confidence
regulatory fines and financial penalties where data privacy laws have been compromised.

Of all the types of breaches and attacks reported by organisations, the most common by far is phishing.

(Cyber Security Breaches Survey 2022)

How to recognise a phishing scam

Cyber criminals are using increasingly sophisticated methods to deploy phishing attacks. When being on the alert for phishing attempts, the following can be a sign:

a 'dodgy' or unrecognisable looking domain name
a claim of authority (e.g. posing as a solicitor or government department)
poor spelling or grammar
suspicious attachments or links
a sense of urgency (being given a limited time to respond)
a request for sensititve information

How can businesses protect themselves?

Employee education

A key part of mitigating successful phishing attempts is to educate employees on how best to recognise phishing and what to do in the case of an attack. It’s recommended to run training on this and ensure staff are clear on how to report a suspected attack. Naturally, remote workers should be included in any such training.

Password tools and policies

Businesses can make use of password manager tools and encourage the use of strong passwords with special characters, with regular expiration dates.

Use multi-factor authentication for company systems

This involves requiring a user to successfully provide (at least) two pieces of evidence in order to verify their identity and log in, such as a password and one time access code.

Carry out phishing simulations

Companies can run mock phishing tests where they send an email to employees designed to mirror a typical phishing attempt. This measures staff awareness levels and can indicate a need for further training/education.

How can brokers help in the fight against phishing

Brokers can act as a ‘first line of defence’ in fighting fraud. By helping to educate customers on types of fraud and reporting any instances through the appropriate channels, insurers and brokers can continue to make it tougher for cyber criminals to succeed.

Further information

You can report suspected insurance fraud confidentially via the insurance Fraud Bureau and cyber crime via Action Fraud.

10 steps to Cyber security - National Cyber Security Centre

Insight

Living with Evs: considerations for fleet managers and motor traders

For Fleet Managers and Motor Trade operators, living with EVs brings new challenges and opportunities.

Find out more Living with Evs: considerations for fleet managers and motor traders

Insight

Directors and Officers: Risks and insights 2026

A complex economic environment and a constantly evolving risk horizon present challenges for anyone running a business.

Read more about Directors and Officers: Risks and insights 2026

Insight

The top risks for UK businesses in 2026

The Allianz Risk Barometer is an annual global report identifying the most important corporate concerns for the year ahead. It’s based on the insight of over 3,300 risk management experts from more 97 countries and territories.

Read more about the Allianz Risk Barometer 2026

Insight

Weathering the storm: construction risks

Having a robust risk management strategy in place can help to minimise disruption and expense, whatever the weather.

Find out more weathering the storm

Insight

Top 5 trends in the construction insurance market

The construction industry is constantly evolving, and with it, so is the insurance market that supports it. From the way projects are insured to the technologies shaping new builds, insurers must adapt quickly to keep up.

Read about the top 5 trends in construction insurance

Insight

Designing vehicle risk ratings fit for the future

Now, as the motor industry enters its most transformative era ever, the insurance industry is responding by reviewing how we rate vehicles to ensure we are prepared for the vehicles of the future.

Find out more about designing vehicle risk ratings

Insight

Truth matters: How to spot and stop motor fraud

Learn how to spot and stop motor fraud, keeping coverage honest and trust intact with practical strategies.

Home truths: Avoiding misrepresentation in insurance

Help customers avoid misrepresentation in home insurance with clear guidance, transparency, and handy tools for smooth claims and happy outcomes.

Don’t get haunted by fraud: Spotting ghost brokers

Learn how to spot ghost brokers and protect your customers from fraudulent motor insurance policies with practical advice.

Don’t take the bait: How brokers can outsmart phishing scams

Learn how brokers can outsmart phishing scams with strategies to protect sensitive data and enhance cybersecurity.

Fake staff, false claims: How to spot and stop insurance scams

Staff impersonation and fraudulent claims processing are deceptive practices where individuals pose as legitimate employees or manipulate claims to extract money or benefits unlawfully. These tactics can severely impact brokers, leading to financial losses and reputational damage.

Read more about fake staff, false claims

Insight

Crash for cash: unmasking the tricks behind exaggerated claims

'Cash for crash' schemes are becoming more common in the insurance world. These involve exaggerated claims after planned accidents, creating problems for insurers, brokers, and customers. Knowing how these schemes work and communicating clearly with your customers can help reduce their impact.

Ransomware: Don’t let cybercriminals hold your business hostage

Ransomware attacks are a growing concern in the insurance world, especially for brokers who handle lots of sensitive information. These attacks involve nasty software that locks you out of your own data until you pay a ransom. Let's dive into the risks and how you and your customers can steer clear of these digital headaches.

Helping to protect your business from the growing threat of storms

Storm damage consistently ranks as the second most common cause of commercial property insurance claims, closely following behind escape of water incidents, according to Allianz internal quarterly commercial property claims report.

Find out more about protecting your business from the growing threat of storms

Insight

10 ways to combat underinsurance

Finding out at the point of claim that cover is insufficient and that a business is underinsured, can have devastating consequences. Here are 10 things you could consider with your customers to help them avoid being underinsured.

1. Office for National Statistics. Phishing attacks - who is most at risk? 26 September 2022.

2. Gov.uk. Cyber Security Breaches Survey 2022.