Significant financial damage and data losses are gaining increasing exposure in the United Kingdom.
15/08/2019 – Toni Dines
In the United Kingdom and globally, the cost to organisations of recovering from data theft, breaches and cyber-attacks is spiralling out of control.
Businesses and organisations in the UK are becoming increasingly aware of the training, awareness and education that staff and personnel are lacking. Unfortunately, this normally comes only after something detrimental has happened within the business, affecting its operations, integrity and finances.
Hackers across the globe are making the most of this known flaw in staff training, in the development of security practices, and in the failure to identify risk at appropriate times. With phishing attacks now a daily occurrence in all digital businesses, attacks have become sophisticated. Phishing is the process of attempting to solicit or acquire sensitive information from the organisations being attacked.
More often than not, attackers are looking for login information for networks and service suppliers, or banking information, by obtaining usernames, passwords and debit or credit card details.
They are successful in these attempts because they can masquerade as a trusted and known source to those individuals or businesses. By attacking companies using bulk email domains, they do their best to avoid spam filters, which are also often inadequate.
What are the types of Phishing?
This is where an attacker uses a voice call in an attempt to breach data. With social networks being the largest networks and data storage organisations on the planet, it is no wonder these sophisticated hackers are comfortable communicating confidently and clearly with staff and personnel over the telephone. They can call in the name of friends, relatives or colleagues, or on behalf of any business or brand that the victim likes or closely associates themselves with.
Spear phishing is seen by most as one of the most professional forms of phishing. The most common and traditional phishing campaigns send a mass or bulk email to as many people as possible within the business or organisation that they are trying to infiltrate. Spear phishing is far more refined in its approach. Instead of a bulk email attack, the hacker will target certain individual(s) who they believe will be more effective to compromise (they may have access to bank accounts, financial information, usernames, security etc.). With this type of attack, the well-refined hackers will ensure that the email or correspondence is personalised towards the individual. They take advantage of such individuals not being skilled in identifying their email amid very similar emails, e.g. “your outstanding invoice”, which improves their chances of success.
Email and Spam
Email and spam phishing is the most common technique used in an attempt to obtain sensitive information and data. A bulk email can easily be sent instantaneously to hundreds of thousands of users, requesting them to forward or fill in their personal details for a ‘trusted’ brand or business partner. Once this information is obtained, the hackers or phishers use it for their illegal activities in wider organisations. In most cases of email and spam phishing, the messages carry an ‘urgent note’ or come with red flag markers, making the receiver believe they need urgent attention. Often, the form will ask the user to enter credentials to update account information, change details, or verify accounts with that trusted brand.
Web Based Delivery
This is one of the most difficult techniques used by phishers. It is often known in the cyber security market as “man-in-the-middle”. This is where a hacker positions themselves in between an original website and the phishing system that they have developed. The phisher then traces details during a transaction between the legitimate website and the user of that website, intercepting that transaction and its data. As the user continues to put information into the website or the system, it is gathered by the phishers without the user or the original website knowing about it.
Many hackers and attacks succeed by developing and launching websites very similar to those of the organisations that hold their targets’ sensitive and personal information. This is an effective way of collecting information because, when an individual clicks on the website, everything will appear as it should. The back-end of the website will simply collect any inputted data and release it to hackers.
Phishing through Search Engines
We have found that phishing scams can also heavily involve the search engines that are constantly used on the internet, including the likes of Google and Bing. These phishing scams direct the user to product sites which may offer low-cost products or services that don’t actually exist. When the user of the search engine then tries to buy the product or service by entering their card details, these are collected by the phishing site itself and subsequently by the hackers. There are an unknown number of fake banking websites offering credit cards, loans, business accounts and credit to potential victims at a low rate, but they are actually phishing sites.
Smishing (SMS Phishing)
This is a type of phishing that has become increasingly common globally in recent years. It is conducted via Short Message Service (SMS) and can reach any mobile phone user. A telephone-based text messaging service is utilised, and a carefully written smishing text is sent to the potential victim in an attempt to get them to reveal personal or sensitive information via a link or by texting a reply back to the number. A smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.
Malware has increasingly been in the headlines, on television news and in the papers in recent years. This is where users are denied access to a device or files within their own network or system until a financial ransom has been settled with the hackers themselves. Virus protection of old is simply not complex enough to handle these types of attacks, and the attack relies on a user being tricked into clicking on a link or opening an attachment or download that allows the malware or ransomware to do its job.
This is something that businesses and staff across the UK really need educating about. Wi-Fi hacking is where a hacker uses a device such as a Pineapple. This is effectively a tool with which hackers can set up their own Wi-Fi network. In most instances, the hacker will use a popular name for their Wi-Fi, like “O2 Business Wi-Fi” or “BT Cloud Wi-Fi”. This is common in public places, and if the user isn’t resolute in checking the Wi-Fi properties and security, they can join a network that is wholly controlled by hackers. It is at this stage that the hackers can intercept any personal or sensitive information that might be entered into a session, such as online banking or credit card details.
This is where hackers rely on manipulating users into clicking on questionable content for many different technical and social reasons. As a simple example, a malicious attachment might at first glance look like an invoice related to an accounts technician’s job. In this instance, hackers count on victims not thinking twice before infecting the network, as they are under performance-related objectives for their role within their business.
Most clicked-on phishing attempts found in UK businesses?
As a security specialist, Databox 360 often obtains significant insights into all different types of phishing tests, and patterns are easily identified with the use of social media sites like LinkedIn, Facebook, Instagram and work networks.