A Deep Dive on Phishing & How Not to Fall Victim

We’ve all received a dodgy email claiming to be our dream lover from a far-flung location, or a questionable offer of millions of pounds if we just click this one simple link!

This ‘spam’ is getting more sophisticated with cleverly designed messages purporting to be our favourite brands with hooks designed to make us act without thinking.

I myself was caught out not long ago with a link from ‘icloud’ saying my storage had run out (something that was true) and I needed to upgrade my plan. I realised as soon as I clicked the link but it was a dicey couple of hours mitigating the effects of what I might have got myself into.

It’s easy to be fooled, and nobody should be embarrassed, but we should all be ready and prepped to dodge the flurry of phishing attempts we get daily.

The Stats

TechTarget recently announced “phishing attacks increased by a whopping 1,265% in 2023, thanks in part to the growth of generative AI (GenAI), according to "The State of Phishing 2023" report from SlashNext.

The Anti-Phishing Working Group (APWG) observed almost 1.3 million phishing attacks in the second quarter of 2023, representing the third-highest quarterly total ever observed by the group.”

Scary stuff. But what actually is phishing?

This common type of cyber attack involves fraudulent communication designed to deceive individuals into revealing sensitive information, such as passwords, credit card numbers, or social security numbers.

Cybercriminals often disguise these communications as messages from reputable sources, such as banks, social media platforms or government agencies.

How Does Phishing Work?

Phishing attacks typically come in the form of emails, text messages, or phone calls. The attacker poses as a trustworthy entity and uses social engineering techniques to create a sense of urgency or fear, prompting the victim to disclose confidential information, click on a malicious link, or download an infected attachment.

For instance, a phishing email might claim to be from your bank, warning of suspicious activity on your account and urging you to verify your account details.

The email would include a link that directs the user to a fraudulent website that looks identical to the bank's real website. Once there, any details entered—like login credentials—are captured by the attacker.

Types of Phishing Attacks

There are various types of attacks, each with its unique characteristics and methods:

1. Spear Phishing: This is a targeted form of phishing where the attacker personalises the emails with the target's name, position, company, work phone number, or other information to make the attack seem more credible.

2. Whaling: This form of phishing targets high-level executives or important individuals within a company. Cybercriminals aim to steal sensitive information that can be used for financial gain or to gain access to company networks.

3. Smishing and Vishing: Smishing involves phishing attempts via SMS, while vishing is voice phishing where the attacker uses a phone call. Scarily, technology is on the rise that allows attackers to emulate the voices of people known to the target.

4. Pharming: This attack involves hackers redirecting a website’s traffic to a fake site, even when the user has typed in the correct address.

5. Quishing: Ever been tempted by a sticker on the tube with a mysterious QR code? Do resist! These can trigger an instant download of malware so scrutinise what you scan.

The Psychology Behind Successful Scams

Not that it’s ever our fault, but understanding why we might fall for these attacks is crucial for prevention. Several psychological factors make us vulnerable:

  • Authority Bias: We tend to comply with requests from perceived authority figures, especially when they claim to represent popular or familiar companies or figures.

  • Fear and Urgency: When threatened with account deletion, financial loss or legal action, our decision-making becomes compromised by panic.

  • Social Proof: If an attack appears to target multiple users or includes testimonials, we're more likely to consider it legitimate.

  • Opportunity Bias: The promise of benefits can override our natural skepticism. If it’s too good to be true, it probably is.

  • Politeness: We’re conditioned from childhood to be polite and respectful. Scammers exploit this by posing as authorities or using overly friendly tones making it difficult for us to question or refuse their requests. Remember it’s ok to be firm and skeptical when your security is at stake.

How to Avoid Falling Victim

Awareness is key, but here are some steps you can take to protect yourself:

1. Be cautious of unsolicited communications: Be wary of any unsolicited email, text, or call that asks for personal information or prompts you to click a link.

2. Check for email red flags: Look for poor grammar, incorrect spelling, generic greetings, and unofficial email addresses, which can all be signs of a phishing email. However, don’t assume this will always be the case! Some scams are scarily sophisticated, so tread carefully.

3. Verify the source: If an email seems suspicious, contact the company or person directly using a known contact method. Take a close look at the domain. For example, footlocker-uk.com is close to, but not the same as, footlocker.co.uk, so always go through Google if what they’re offering is a little too good to be true.

4. Install security software: Use antivirus and anti-malware software and keep it updated for the latest protection.

5. Use multi-factor authentication (MFA): MFA can provide an extra layer of security, as it requires more than one method of verification should someone nick your credentials.

Always take a moment to scrutinise any communication that seems out of the ordinary before responding or clicking on any links and report anything that doesn’t seem quite right.
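The domain check in steps 2 and 3 can be made mechanical. The following is an added example, not code from the original post: it takes the post's own footlocker.co.uk vs footlocker-uk.com comparison and flags a link or sender address whose domain is not the genuine domain (or a real subdomain of it), including lookalikes that merely contain the brand name. The trusted domain and the sample addresses are assumptions chosen for illustration.

```python
from typing import List
from urllib.parse import urlparse

# Assumption for the example: the brand's genuine domain, taken from the post's
# own footlocker.co.uk vs footlocker-uk.com comparison.
TRUSTED_DOMAIN = "footlocker.co.uk"


def host_of(url: str) -> str:
    """Lowercase hostname of a URL ('' if unparseable). A bare 'site.com/x' gets a
    scheme first so urlparse treats 'site.com' as the host rather than as a path."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower().rstrip(".")


def is_trusted_host(host: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only for the trusted domain itself or a genuine subdomain of it.
    'footlocker-uk.com' and 'footlocker.co.uk.example.net' both return False:
    neither equals the trusted domain nor ends with '.' + trusted."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


def link_red_flags(url: str, trusted: str = TRUSTED_DOMAIN) -> List[str]:
    """Red flags for a link found in a message (an empty list means none found)."""
    flags = []
    host = host_of(url)
    if not host:
        return ["link has no usable hostname"]
    if not is_trusted_host(host, trusted):
        flags.append(f"link host {host!r} is not {trusted!r}")
        brand = trusted.split(".")[0]
        if brand in host:  # brand name reused inside a different registrable domain
            flags.append(f"lookalike domain containing {brand!r}")
    return flags


def sender_red_flags(address: str, trusted: str = TRUSTED_DOMAIN) -> List[str]:
    """Red flags for a From: address, judged by the domain after the '@' alone."""
    _, sep, domain = address.rpartition("@")
    if not sep or not domain:
        return ["sender address has no domain"]
    if not is_trusted_host(domain, trusted):
        return [f"sender domain {domain.lower()!r} is not {trusted!r}"]
    return []
```

A clean result only means the domain matches; it does not vouch for the message, so the other red flags in the list above still apply.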


Protect your business with The Key - a 5-day program designed for small business owners.

In under 30 minutes per day, you'll implement essential security measures to strengthen your defences, professionalise your brand and build resilience into your business.

This program guides you on how to lock down your devices, protect client data, and establish robust recovery practices.

What’s included?

  • Actionable steps to clean your devices, build privacy into your workflow and secure your platforms

  • Recommendations for carefully selected affordable tools (non-affiliated)

  • Free bonus resources to help you grow your business - uninterrupted

Sign up below to start looking after yourself and your business.

