Recently we looked at what phishing is, and how it could be a threat to your clients and your business. We now look at the wider context of the threat – how common it is, and where it might come from – before reminding ourselves of some of the steps that can be taken to mitigate the threat.
How common are phishing attacks?
Phishing is an attempt to fraudulently extract information, such as passwords, by encouraging victims to click on a link or open an attachment that will deliver malware onto their device. And it happens more often than you might think.
- Verizon’s 2023 DBIR (Data Breach Investigations Report) found that 36% of all data breaches involved phishing.
- One of the main aims of phishing is to capture people’s login credentials. According to IBM’s Data Breach Report 2024, compromised credentials are the most common cause of data breaches – it found they were used in 16% of all cyber-attacks.
- A Digital Guardian report found that 90% of corporate security breaches are the result of phishing attacks.
Phishing in the UK
An Office for National Statistics report in 2022 revealed that UK organisations have experienced a 57% increase in “consumer and retail fraud” compared to pre-pandemic levels.
The positive news is that threat prevention specialist Tessian reported in 2022 that the UK has the greatest global awareness of phishing. It found that 69% of respondents in the country could correctly define phishing. By contrast, that figure was 66% in Australia and Japan, 64% in Germany, 63% in France and Spain, and only 52% in the US.
Where can phishing attacks come from?
The share of spam emails sent from Russia has continued to grow, with a 2022 report from Russian multinational cybersecurity provider Kaspersky revealing that 29.82% of all malicious emails originated in the country. That’s more than twice as much as second-placed China (14%).
LinkedIn has emerged as the social media platform used most often in scams. Research from cyber risk specialist Check Point has found that, in phishing attacks that imitated a known brand, LinkedIn was used 52% of the time.
Here’s a reminder of what to be aware of and look for when it comes to potential phishing attacks.
- Generic salutations
Is the email addressed to “Customer” or using another generic catch-all term? This could be a sign of mass phishing. Is it the kind of opening you would expect from the particular sender?
- Too good to be true?
If it sounds like it might be, then it probably is!
- Urgency
Whilst urgency can, of course, be a common part of business life, it’s also a common social engineering tactic seen in phishing attacks. Time-sensitive offers or time-critical demands, aimed at rushing the recipient into action, are particularly seen in targeted or ‘spear phishing’ attacks. In such cases, the attacker may imitate an important customer, manager or senior colleague.
- Attachments and links
Some top tips can be found in Malicious URLs in phishing emails: hover, click and inspect again.
- Email addresses
Does the sender’s address look how you would expect it to?
- Spelling and grammar
Whilst they do occur in genuine emails, widespread spelling and grammar mistakes could be a sign that the email is not genuine. Do the tone and content of the email match what you might expect from the purported sender?
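The checklist above can be applied mechanically to a message before it reaches a person. The following is an added example, not code from the original article: it parses one single-part HTML email, checks the sender and Reply-To domains, the salutation, urgency wording, and whether each link's visible text agrees with its real target. The keyword lists, the expected-domain parameter and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear valued", "dear account holder")
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "will be suspended", "act now")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(url_or_addr: str) -> str:
    # Host part of a URL, or the domain part of an e-mail address, lower-cased.
    text = url_or_addr.strip()
    host = urlparse(text).hostname if "://" in text else text.rsplit("@", 1)[-1]
    return (host or "").lower()

def phishing_indicators(raw: str, expected_domains: tuple[str, ...]) -> list[str]:
    """Return the checklist indicators that fire for one single-part text/html message."""
    trusted = lambda h: any(h == d or h.endswith("." + d) for d in expected_domains)
    msg = message_from_string(raw)
    findings: list[str] = []
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    # Email addresses: does the sender's address look how you would expect it to?
    if not trusted(from_domain):
        findings.append(f"sender domain {from_domain!r} is not an expected domain")
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append("Reply-To domain differs from From domain")
    body = msg.get_payload()
    text = re.sub(r"<[^>]+>", " ", body).lower()
    # Generic salutations: "Dear Customer" rather than the recipient's name.
    if any(s in text for s in GENERIC_SALUTATIONS):
        findings.append("generic salutation")
    # Urgency: time-critical demands aimed at rushing the recipient into action.
    if hits := [t for t in URGENCY_TERMS if t in text]:
        findings.append("urgency language: " + ", ".join(hits))
    # Links: the visible text and the real target should agree, and the target should be expected.
    for href, anchor in LINK_RE.findall(body):
        target, shown = domain_of(href), (domain_of(anchor) if "://" in anchor else "")
        if shown and shown != target:
            findings.append(f"link text shows {shown!r} but points to {target!r}")
        elif not trusted(target):
            findings.append(f"link to unexpected domain {target!r}")
    return findings

# Constructed sample message (not a real campaign); the *.example names are placeholders.
SAMPLE = """From: "Example Bank Security" <alerts@example-bank-login.example>
Reply-To: verify@mail-check.example
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account will be suspended unless you verify immediately:
<a href="http://example-bank.co.uk.login-verify.example/">https://www.example-bank.co.uk/login</a></p>
"""
```

Running `phishing_indicators(SAMPLE, ("example-bank.co.uk",))` reports all five indicators for the sample; a genuine message from the expected domain, addressed by name and linking only to that domain, returns an empty list.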
Other types of phishing
Although phishing is mainly associated with email, malicious actors can use a variety of other communication channels.
Video call / collaboration platforms
Video call and collaborative software, such as Microsoft Teams, Zoom and Slack, are now a central part of business life, allowing individuals, teams, and firms to interact seamlessly in real time. Malicious actors look to employ these tools as they do emails, using impersonation to contact a user and convince them of a message’s veracity, then urging them to take action.
One of the tactics seen in recent cases involves a message purporting to come from a senior colleague or manager, and structured in such a way as to generate an immediate response.
For example, this could be asking the recipient to take urgent action to assist with an important business process (such as a payment or transfer), or presenting information that will be of special interest to the recipient (e.g. a restructure within the organisation, news of a takeover, or that the recipient’s position with their employer may be in question).
Within Microsoft Teams, if contact is received from an external source, the following text will be presented below the sender’s name:

Whilst the sender’s name may be presented to appear familiar, hovering over the name will display the sender’s email address.
Microsoft has published guidance on managing external contacts.
Text or direct phone message
Smishing (short for SMS phishing or text phishing) occurs when these same tactics are used to launch an attack via mobile phone messaging.
These attacks are often quite generic, focusing on an issue that’s likely to affect a large number of people. This is because they are often delivered to thousands of people at a time – an example of mass phishing.
Previously identified examples of this have included issues such as COVID jabs. Another very recent attack, shown below, refers to Winter Heating Subsidies – an issue well reported in the news, and of obvious interest to large numbers of people.