As technology continues to advance, so too do the tactics employed by malicious actors seeking to exploit the vulnerabilities of both individuals and organisations. These scams have evolved into an elaborate web of deception, tailored to deceive even the most cautious among us. Derived from the notion of ‘fishing’ for personal information, phishing has become an umbrella term encompassing several techniques. Each technique carries its own nuances, casting a wide net to extract sensitive information from individuals such as passwords, financial details, or personal data.

So, what do these terms mean and what can we do to protect ourselves against them?

Phishing: Phishing is a method of attempting to gather personal information using deceptive emails and websites. It involves a cyber criminal sending out emails that appear to be from reputable sources, with the aim of convincing individuals to reveal sensitive data such as usernames, passwords, or credit card details. These emails often encourage the recipient to visit a fraudulent website, where they’re prompted to input their personal data, or to click on a link that installs malware on their computer.

Smishing: Short for ‘SMS phishing’, smishing is a type of fraud that uses mobile phone text messages to lure victims into visiting fraudulent websites, downloading malicious content onto their devices or calling back a premium rate number. Smishing messages often appear to come from a trusted source such as a bank or online service provider and may contain urgent requests for personal or financial information. They may also come across as threatening, warning of negative consequences if the recipient does not take immediate action.

Vishing: Vishing, also known as ‘voice phishing’, involves the use of telephone calls or voice messages pretending to be from legitimate businesses or authorities to trick individuals into revealing personal, financial, or security information. The scammer might use caller ID spoofing techniques to make the call appear to come from a trusted number. Like other types of phishing, vishing preys on people’s trust and fear to deceive them into giving up sensitive information. Examples we have seen of this happening recently are perpetrators claiming to be from HMRC and demanding.

Pharming: Pharming is a cyber-attack intended to redirect a website’s traffic to a fake site. In this scam, cyber criminals install malicious code on a user’s computer or server, which automatically directs the user to a fraudulent website, even if the correct URL is entered. The objective is typically to collect personal data, login credentials, or credit card data. As the website often looks identical to the original, users may not realise the deception until it’s too late.

Spear Phishing: Spear phishing is a more targeted version of phishing, which is tailored to and directed at specific individuals or companies. Spear phishers will often spend time researching their targets to create highly personalised and convincing messages. The goal remains the same: to trick the recipient into revealing sensitive information or to install malware on the target’s network. Due to their targeted nature, spear phishing attacks are often more difficult to detect and therefore potentially more dangerous. Examples of this type of attack can include members of an organisation’s finance team being asked to send money on behalf of the owner of the business, with the instruction that it needs to be done quickly and without following up with a telephone call.

Whaling: Whaling is a type of phishing attack that specifically targets high-profile employees, such as CEOs or CFOs, to steal sensitive information from a company. These attacks are typically well-crafted and personalised to the target, making them harder to detect.

Clone Phishing: Clone phishing involves creating an almost identical replica of a legitimate message to trick the recipient into thinking it’s the real thing. This could involve replacing legitimate attachments or links with malicious ones.

The best way we can avoid falling foul of these scams is to ensure we are aware of the risks, educate ourselves on what signs to look out for and be vigilant in both our personal and professional lives.

Some top tips are:

• Do not open attachments or click on links within emails from sources that you do not recognise. Similarly, even if you do recognise the source, be wary. If you are not expecting to receive an email from them, do not open attachments or click on links.

• If you receive an email, inspect it carefully and look at the following:

  • Hover over any links in the email to see if the link is pointing to the location stated.

  • Communications from official organisations generally will not request personal information, such as passwords or bank details, via email. If this kind of information is being requested, it may be a scam.

  • The sender’s email address may be slightly different to the email address format of the organisation, such as a letter being changed or a number being added.

  • Consider the wording of the email and whether it contains spelling and/or grammatical errors. Emails from official organisations will rarely contain such mistakes.

  • Compare the sender’s email address to the name in the signature. If they do not match, it may be a scam.

  • Check that the email is addressed to you. Legitimate organisations will generally tailor emails to the recipient’s name. If the email simply states ‘Hello’ or ‘Dear customer’, it may be a scam.

• If you receive a text message requesting you to call a number or click on a link, look at the sender. If it is an unrecognised number, or from a source you are not expecting to hear from, it may be a scam.

• Never give out your password via any medium. Official organisations such as banks and government agencies will never ask you to give out your password, either via text message, email or phone call.

The content of this document is intended to give general information only. Its contents should not, therefore, be regarded as constituting specific advice, and should not be relied on as such. No specific action should be taken without seeking appropriate professional advice.
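The email checks listed above (lookalike sender domain, link text that hides a different destination, generic greeting, signature that does not match the sender, and a request involving a password) can be turned into simple automated heuristics for triaging reported messages. The following Python script is an added example and is not part of the newsletter or any Scrutton Bland tooling; the organisation domain examplebank.co.uk, the sample messages and the thresholds are all constructed for illustration.

```python
"""Heuristic phishing checks over a raw e-mail, mirroring the newsletter checklist.

Added example, not from the original page. EXPECTED_DOMAIN and both sample
messages are constructed for illustration.
"""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "examplebank.co.uk"  # assumed real domain of the impersonated organisation
GENERIC_GREETINGS = ("dear customer", "dear user", "hello", "hi", "dear sir/madam")
SIGN_OFFS = ("regards", "kind regards", "thanks", "thank you", "yours")

# Constructed suspicious message: digit swapped into the sender domain, generic greeting,
# a link whose visible text differs from its real destination, a signature name that
# does not match the sender, and a request about a password.
SAMPLE_EML = b"""From: "Example Bank Security" <alerts@examp1ebank.co.uk>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer,</p>
<p>Please <a href="http://examplebank-verify.example.net/login">https://www.examplebank.co.uk/login</a>
to confirm your password withn 24 hours.</p>
<p>Regards,<br>John Smith<br>Customer Services</p>
</body></html>
"""

# Constructed benign message from the genuine domain, addressed by name, no links.
CLEAN_EML = b"""From: "Example Bank" <alerts@examplebank.co.uk>
To: customer@example.org
Subject: Your statement is ready
Content-Type: text/plain; charset="utf-8"

Dear Jane Doe,
Your monthly statement is now available in online banking.
Kind regards,
Example Bank Customer Services
"""


class _LinkAndText(HTMLParser):
    """Collect (visible text, href) pairs for anchors plus the visible body text."""

    def __init__(self):
        super().__init__()
        self.links = []   # each entry is [visible text, href]
        self.text = []    # visible text fragments, newlines added at <p> and <br>
        self._href = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self.links.append(["", self._href])
        elif tag in ("br", "p"):
            self.text.append("\n")

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self.links[-1][0] += data


def edit_distance(a, b):
    """Levenshtein distance; a small distance between domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(raw, expected_domain=EXPECTED_DOMAIN):
    """Return a list of warning strings for a raw RFC 5322 message (empty if nothing found)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    warnings = []

    # 1. Sender domain: exact match, near miss (letter/number swapped), or unrelated?
    display, local, domain = "", "", ""
    if msg["from"] and msg["from"].addresses:
        addr = msg["from"].addresses[0]
        display, local, domain = addr.display_name, addr.username, addr.domain.lower()
    if domain != expected_domain:
        kind = "lookalike of" if edit_distance(domain, expected_domain) <= 2 else "unrelated to"
        warnings.append(f"sender domain '{domain}' is {kind} '{expected_domain}'")

    # Pull out visible text and links, whether the body is HTML or plain text.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    links = []
    if body is not None and body.get_content_type() == "text/html":
        parser = _LinkAndText()
        parser.feed(content)
        content, links = "".join(parser.text), parser.links

    # 2. Link text that shows one URL while the href points somewhere else.
    for shown, href in links:
        shown = shown.strip()
        if shown.startswith(("http://", "https://")) and href:
            if urlparse(shown).hostname != urlparse(href).hostname:
                warnings.append(f"link text '{shown}' hides destination '{href}'")

    lines = [ln.strip() for ln in content.splitlines() if ln.strip()]

    # 3. Generic greeting instead of the recipient's name.
    if lines and lines[0].lower().rstrip(",.!") in GENERIC_GREETINGS:
        warnings.append(f"generic greeting '{lines[0]}'")

    # 4. Name in the signature should relate to the sender's display name or address.
    for i, ln in enumerate(lines):
        if ln.lower().rstrip(",.!") in SIGN_OFFS and i + 1 < len(lines):
            sig_name = lines[i + 1]
            tokens = [t.lower() for t in re.findall(r"[A-Za-z]{3,}", sig_name)]
            if tokens and not any(t in (display + " " + local).lower() for t in tokens):
                warnings.append(f"signature '{sig_name}' does not match sender '{display} <{local}@{domain}>'")
            break

    # 5. Legitimate organisations do not ask about passwords by e-mail.
    if re.search(r"\bpassword\b", content, re.I):
        warnings.append("message refers to a password; treat any request for it as a scam")

    return warnings


if __name__ == "__main__":
    for name, raw in (("suspicious", SAMPLE_EML), ("clean", CLEAN_EML)):
        print(name, analyse(raw))
```

The checks deliberately favour explainable warnings over a single score: each string names the sign from the checklist that fired, so a reader reviewing a reported message sees the same cues they were taught to look for. The edit-distance threshold of 2 is an assumption for demonstration; in practice, a list of the organisation's genuine sending domains and a spelling check on the body would be tuned to the environment.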
COUNTER FRAUD | SCRUTTON BLAND | 7