Phishing scams evolve constantly. Don’t they?
On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve.
On the other hand, the the nuts and bolts of phishing scams are surprisingly static. On the whole, phishing attacks are quick, cheap and disastrously effective. Knowing this, criminals rarely tweak the inner workings of their phishing scams all that much.
Learning the underlying mechanics of the world’s most common phishing scams can therefore go a long way to preventing their success.
The question is: what are the most common phishing scams UK businesses face?
1. Malware distribution
As we’ve noted elsewhere on the CybSafe blog, the criminals behind phishing attacks are typically attempting to steal either money or data – and one of the simplest ways to do so is through malware distribution.
By introducing malware to the right networks, criminals can carry out all kinds of underhand activities – such as harvesting data, mining for confidential information and even logging keystrokes to record user activity.
Introducing malware to a network rarely takes more than the click of a malicious link… which is why malware is so frequently distributed through phishing. If criminals can email the right people and convince them to click a malicious link, they’re half way to achieving their goal.
Criminals have therefore devised a whole host of scams that trick people into clicking links… but perhaps the most prevalent are those that spoof trusted companies, such as Amazon, Apple or a well-known financial institution.
The spoof emails occasionally look like marketing messages (a recent scam invites users to test the Amazon Echo for free) but, more often than not, they take the form of administrative messages. Administrative messages allow criminals to flick several psychological switches in their victims’ minds at once. For example, they appear to come from a trusted authority – such as an account manager. They might invoke fear – perhaps by suggesting criminals are attempting to access company finances. They may even trigger an affinity for the sender, who is, on the face of things, looking out for their victims’ wellbeing.
After pulling one or more psychological triggers, such emails become extremely powerful weapons of influence.
Despite their potency, phishing emails distributing malware usually come with clues that reveal their true nature – all of which are noted here.
2. CEO fraud
Psychology, again, plays a pivotal role in the phishing variant known as ‘CEO fraud’.
In the spear-phishing scam, criminals spoof the email address of a trusted authority, such as a manager or (for added potency) the company CEO.
Criminals then send highly targeted emails that request accounts departments settle fraudulent invoices. To stack the odds in their favour, criminals take care to induce victims into states of psychological compliance.
As an example, the phishing emails typically demand payments are settled urgently. The CEO might be away on business. The funds might need to be transferred within the next hour to secure a lucrative new contract.
The emails, of course, seemingly come from a trusted authority. And they’re sent to people who come into work to (amongst other things) settle invoices.
When done well, CEO fraud can be brutal. The CybSafe platform frequently offers additional training to those vulnerable to CEO fraud, and machine learning and data analytics highlight individual and departmental vulnerabilities, ensuring they can be addressed.
Preventing the UK’s most common phishing scams
Phishing filters are designed to prevent well-known threats from ever making it into inboxes. They use algorithms to judge how likely an email is to be a phishing attack and act accordingly.
Unfortunately, no phishing filter is 100% effective. By being selective with their targeting and dressing their scams in new guises, criminals can squeeze their attacks past phishing filters.
When they do, it’s up to the people receiving phishing emails to spot and stop them from doing any damage. The CybSafe platform has been designed to help people do just that.
Course content, designed in collaboration with psychologists and behavioural scientists, advances what people know about security, what people think and feel about security and, arguably most importantly of all, what people do when confronted with cyber threats. And inbuilt data analytics, machine learning and AI all ensure the platform highlights vulnerabilities and evolves with individual and organisational needs.
The most common phishing scams affecting UK businesses today might not be the same as those affecting businesses tomorrow. With an intelligent, ever-evolving security platform, you’re covered no matter what the future holds.
