On the back of National Fish and Chip Day, we look at why phishing is such a big issue facing organisations and individuals.
What is Phishing and why does it work?
You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way - people open the doors to their personal data, giving up login details, passwords or even payment details to malicious e-mails, links or websites designed to look like they’re authentic. That information can then be used to commit fraud and cyber crime.
Holy Mackerel - Phishing is a huge problem
Phishing attacks are a common security challenge that both individuals and companies across the UK face on a regular basis. Verizon’s 2018 ‘Data Breach Investigations Report’* showed that more than 90% of all malware is still delivered to victims via email. Between April 2018 and March 2019, social media and email account compromises were the most reported form of cyber crime to Action Fraud with victims losing a combined total of £19m - our analysis shows that phishing emails were a common enabler for these compromises. That’s why this National Fish and Chip Day (7th June) we’re working with police forces across the UK, Government departments and industry partners to deliver a national campaign on how people can protect themselves from phishing.
Always Take Five and mullet over. Your money depends on it.
Some of the most reported scams to Action Fraud start with an unsolicited text, email or call. From emails and text messages asking you to “verify” account details to cold callers claiming to be from your bank, the goal of a phishing attack is usually the same, to trick you into revealing personal and financial information.
Criminals are constantly evolving the tactics they use to carry out these phishing attacks, which is why it’s sometimes difficult for people to know what to look out for. We’ve got some simple advice that can help you protect yourself from most phishing attacks - don’t click on the links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for your personal or financial details. If you think the communication might be genuine, then contact the company directly using contact details you know to be correct, such as the phone number on official correspondence, and not the contact information provided in the message.
For more simple tips on how to protect yourself online, visit cyberaware.gov.uk. If you have been a victim of fraud or cyber crime, report it to Action Fraud at actionfraud.police.uk.
The South West Regional Cyber Crime Unit is comprised of dedicated individuals who investigate serious cybercrime, offer advice and guidance to small businesses, and work with a range of partners to prevent people from engaging in cybercrime. For more articles and case studies like this, sign up to our Regional Cyber Briefing / Cyber Intelligence Report, and follow us on LinkedIn and on Twitter (@swrccu).
We also have a node on the Cyber Security Information Sharing Partnership (CiSP), and we strongly encourage organisations to sign up for real time cyber threat information in a secure, confidential and dynamic environment https://www.ncsc.gov.uk/cisp.