Phishing Tactics: The Top 10 Threats Every Business Should Know

Cybersecurity experts in London

Phishing attacks pose a huge threat to businesses, compromising sensitive data, finances, and reputation. As businesses seek reliable IT support in London to safeguard their operations, understanding the top 10 phishing tactics is important. From cleverly disguised emails and fake advertising to malicious websites, cybercriminals have many tricks to fool unsuspecting victims.

Email Phishing: Key Indicators to Keep You Safe

Firstly, email phishing is the most common form of phishing. In this type of attack, attackers send emails appearing to be from trusted sources, encouraging recipients to click on malicious links or attachments.

Red flags to look out for:

  • Urgency and threats – Phishing emails usually create a sense of urgency or danger, pressuring you to act quickly without verifying the email first.
  • Suspicious attachments or links – Train employees to scrutinise attachments and links, even if they appear legitimate, as they could be from malware or phishing sites.
  • Requests for sensitive information – Legitimate businesses have established protocols for handling sensitive data, and your employees should be trained never to disclose confidential information via email, even if it seems legitimate.
  • Inconsistencies in the email – Phishing emails may contain grammatical errors, inconsistent branding or other errors that can indicate them as fake.
  • Unusual email addresses – Check the sender’s email address and domain before clicking on anything. IT support in London can help implement email filtering and security measures to mitigate phishing threats.

For example, Booking.com was a victim of email phishing. The attackers created an email disguised as a legitimate request from the hotel for additional credit card verification, giving recipients a limited time to respond.

Spear Phishing: What to Look For in Targeted Emails

Spear phishing is a targeted form of cybercrime aimed at particular individuals or businesses. It often uses personalised information to appear more convincing.

Red flags to look out for:

  • Personalised content – Spear phishing attackers thoroughly research their victims. Look out for small details that don’t seem right.
  • Spoofed email addresses – These look like they’re coming from trusted sources.
  • Unsolicited attachments or links – They could be from malware or phishing sites.

In 2023, an aerospace firm was the victim of a spear phishing attack. The victims received a phishing email tailored to them. They contained a weaponised XML file containing a remote template injection exploit and a VBA macro code.

Whaling Attacks: How to Stay Alert to CEO-Level Scams

Like spear phishing, whaling targets high-profile individuals like executives and senior management. IT support in London, like Reflective IT, deals with protecting against such attacks.

Red flags to look out for:

  • Unsolicited emails – Check who you receive messages from, as they could be attackers impersonating.
  • Requests for sensitive data – Deviates from standard protocol.
  • Unusual language is used, either in the text or email address.
  • Requests for personal information – Usually made under the guidance of system updates.

Clone Phishing: Key Clues for Identifying Fraudulent Replicas

Attackers create a nearly identical copy of a legitimate email already received, changing only the link or attachment to a malicious one.

Red flags to look out for:

  • Altered URLs or email addresses – These closely resemble legitimate sources, making them harder to detect.
  • Inconsistent branding – Although the emails or websites might seem identical, there may be subtle inconsistencies in branding, formatting, or content.
  • Unexpected requests – Such as updating login credentials, providing financial information or downloading attachments.
  • Lack of secure connection – Websites typically use HTTPS encryption. If a website does not use HTTPS, exercise caution and don’t proceed past any warning pages that some browsers will display.

Vishing: Key Signs of Voice Phishing Scams

Vishing (voice phishing) is a cyber-attack conducted via phone calls. Attackers may impersonate legitimate organisations to extract personal information or financial details. Reflective IT, IT support in London, is trained to recognise and prevent these types of tactics targeting businesses.

Red flags to look out for:

  • Unsolicited calls – Be cautious of unexpected calls, especially those claiming to be from trusted businesses.
  • Lack of proper identification – Attackers may fail to provide appropriate identification or proof that they’re legitimate.

For example, in 2023, MGM Resorts International suffered a phishing attack, which led to system shutdowns, personal data breaches, and an estimated loss of $100 million, with another $15 million paid in ransoms. Several weeks later, MGM announced that the attackers accessed customers’ personal information, including names, contact information, gender, date of birth, driving license, passport, and some Security Numbers.

Smishing: Protect Yourself from SMS-Based Scams

Smishing (SMS phishing) uses text messages to lure victims into clicking on harmful links or providing personal information.

Red flags to look out for:

  • Unsolicited texts – Similarly to unexpected calls, unexpected texts from those claiming to be banks and other trusted businesses should be met with caution.
  • Suspicious attachments and urgent requests – Don’t click on anything that requires you to act urgently; instead, stop and assess the text.

Pharming: Protect Yourself from Redirect-Based Scams

Pharming is a technique where attackers redirect a website’s traffic to a fake website without the user’s knowledge, often through DNS poisoning. Cybersecurity experts in London and worldwide frequently assist businesses in preventing and responding to pharming attacks.

Red flags to look out for:

  • Unexpected website behaviour – If a website you usually trust behaves unexpectedly, it could be a sign.
  • Browser warnings – Many modern browsers display warnings when they detect potential pharming attempts.
  • Suspicious URLs – Inspect the URL of any website requesting sensitive information.

Angler Phishing: Key Signs of Social Media Phishing Attacks

Angler phishing takes place on social media platforms. Attackers impersonate customer service accounts and trick users into divulging personal information.

Red flags to look out for:

  • Unsolicited messages – Watch out for accounts that don’t look legitimate.
  • Unusual tone or language – Messages that deviate from a company’s typical communication style or contain poor grammar could be a sign.
  • Recently created profiles – Social media has been around for a while; recently created profiles, especially if the profile is not somebody you recognise, should raise an immediate red flag.

Malvertising: How to Identify Malicious Online Ads

Malvertising uses online advertising to spread malware, often redirecting users to malicious sites or prompting them to download infected files.

Red flags to look out for:

  • Unexpected redirects – Be wary of websites or ads that unexpectedly redirect to suspicious pages.
  • Unusual ad content – Malvertising ads commonly display unfamiliar or inappropriate content.
  • Slow performance – Websites affected by malvertising are often slow.

For example, an extortion campaign deployed BlackCat/ALPHV ransomware via fake software download pages advertised on search engines. Victims who clicked on the link suffered from data theft and encryption through a double extortion scheme.

Business Email Compromise: How to spot (BEC) tactics

BEC is a phishing scam targeting businesses working with foreign suppliers or performing wire transfer payments regularly. Attackers impersonate high-level executives to trick employees into transferring funds or sensitive information.

Red flags to look out for:

  • Unusual requests – Look for confidential data or financial transaction requests.
  • Urgent tone – BEC attacks usually have a sense of urgency to pressure victims into acting quickly.
  • Lack of context – BEC emails may lack specific details or context that would typically appear in legitimate emails.

For example, a BEC tactic concerned Microsoft. Attackers circumvented a common authentication process to access senior executives’ accounts at Microsoft.

What it means for your business and how we can help

To sum up, phishing is a significant cybersecurity threat that businesses cannot afford to ignore. Cybercriminals use these tactics to trick employees into revealing sensitive information or granting unauthorised access, leading to data breaches, financial loss, and the possibility of a bad reputation in the future. Above all, businesses should prioritise employee training in cybersecurity to protect data and finances. To book your free consultation call with our team of cybersecurity experts in London, click here. We will guide you through cybersecurity protection and solutions for long-term business resilience.

Posted in Cybersecurity.