Phishing Attacks - What they are and how to prevent them

Tuesday 23 February 2021 Cyber Security

By Jason Giddens

What is a phishing attack?

Phishing is a type of cyber attack that hides behind the facade of an email with the main objective of gathering your personal and financial information. Cybercriminals design identical emails to match those that are sent by legitimate companies - your bank for example. Advanced attacks target users of specific services and tailor their emails accordingly to disguise themselves as trustworthy companies or people familiar to their victims. These emails often contain links to fake web pages where they will try to collect people's financial details or gain access to their systems.

Successful phishing attacks can have devastating effects on individuals and companies and can cause huge financial loss for their victims. They put victims' personal information at risk, and a compromised personal computer can give the attacker a route into a company's entire technological infrastructure.

Phishing has been around since the development of email, so why does it still work?

Cybercriminals constantly update their methods to target specific groups of victims, and phishing emails often contain urgent language to trick you into making decisions without thinking them through. The tools they use are also becoming more sophisticated as technology progresses, which makes these attacks increasingly difficult to identify and results in many attempts being successful.

What are the different types of Phishing attacks?

Email/Spam - This is generally the most common form of phishing. Emails are sent to hundreds of thousands, if not millions, of users generally containing a link to a form that will request personal and financial information. They may be disguised as a familiar company asking to update your payment information or change specific account details.

Spear Phishing - This is when attackers specifically tailor their approach towards one specific victim. Cybercriminals often gather information on individuals using tools such as LinkedIn, allowing them to create emails that are relevant to their victims and look as if they have been sent from a colleague or other trusted source.

Whaling - This method is similar to spear phishing, although it targets the “big fish” in an organisation. CEOs and board members are often specifically targeted as they have access to the infrastructure but are on networks that are not as secure as those of full-time employees. These attacks are often carried out to gain access to a target company's infrastructure. They are complicated to carry out but can often receive a high payout.

Web-Based Delivery - This is considered to be one of the most advanced forms of phishing. It is where attackers position themselves between a real website and its legitimate users. The attacker waits for the user to begin filling out a form and then captures the completed information as it is submitted. As with many other types of phishing, victims will often not know that this has occurred until it is too late.

Example of a phishing attack

The following image is a classic example of a phishing attempt. The attacker in this case has disguised the message as a PayPal warning of an unusual login. The content of the email looks identical to an authentic PayPal warning email. Its link would take you through to a website disguised as the real login page, where the criminals would steal your login details and use them to access your account and the financial information within it.

How to Identify phishing attacks

Cybercriminals will use disguised emails or text messages to gain access to your sensitive information, and as these are generally disguised as a bank, a familiar app, an e-commerce store or a payment processing website, it can be difficult to identify whether they are real or not.

One of the best ways to spot that a message is fake is that it contains specific phrases designed to create urgency and trick you into following its instructions without thinking. Some of the most common phrases to look out for are:

  • There has been an unusual login attempt or suspicious activity in regards to your account.
  • You are eligible for free products with the attached coupon
  • Your parcel delivery has been attempted order number #569859
  • Your order with amazon.com
  • You are eligible for a government tax refund
  • Please confirm some of your personal information
  • Your bank transfer of £2,752 has successfully been carried out
  • Urgent action required

If you see any of these in a communication you should be wary and not click the link attached.
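The indicators above (urgency phrasing, a message dressed up as a familiar brand, and a link that leads somewhere other than where it claims) can be combined into a simple mailbox triage check. The following is an added example, not part of the original article and not CACI's tooling: it parses a raw email with Python's standard library and reports each indicator it finds. The brand-to-domain table is a hypothetical stand-in for an organisation's own list, and both sample messages are constructed for illustration.

```python
"""Heuristic phishing triage for a raw RFC 822 email message (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases the article lists as common urgency hooks (lower-case for matching).
URGENCY_PHRASES = [
    "unusual login attempt",
    "suspicious activity",
    "urgent action required",
    "confirm some of your personal information",
    "tax refund",
    "free products",
    "delivery has been attempted",
]

# Hypothetical brand -> legitimate sending domains table (assumption, not real data).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com", "amazon.co.uk"},
}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host):
    """Crude last-two-labels registered domain; enough here, not a public-suffix list."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def score_message(raw):
    """Return a list of human-readable findings for one raw email; empty means clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    subject = msg.get("Subject", "")
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    text = (subject + "\n" + re.sub(r"<[^>]+>", " ", body)).lower()

    # 1. Urgency phrasing in subject or body.
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            findings.append(f"urgency phrase: '{phrase}'")

    # 2. Display name claims a brand but the sender domain is not one of its domains.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and _registered_domain(sender_domain) not in domains:
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")

    # 3. Link whose visible text names one host while the real href points at another.
    if body_part is not None and body_part.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(body)
        for href, visible in collector.links:
            href_host = urlparse(href).hostname or ""
            shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", visible.lower())
            if shown and _registered_domain(shown.group()) != _registered_domain(href_host):
                findings.append(f"link text shows {shown.group()} but goes to {href_host}")

    return findings


# Constructed sample messages (RFC 2606 .example names and a TEST-NET address).
SAMPLE_PHISH = """\
From: "PayPal Security" <alerts@paypa1-secure.example>
To: someone@example.org
Subject: Unusual login attempt - urgent action required
Content-Type: text/html; charset="utf-8"

<p>We noticed suspicious activity on your account.</p>
<p>Please <a href="http://203.0.113.5/login">log in at www.paypal.com</a> to confirm some of your personal information.</p>
"""

SAMPLE_LEGIT = """\
From: "Alice" <alice@example.org>
To: bob@example.org
Subject: Lunch on Thursday?
Content-Type: text/plain; charset="utf-8"

Are you free for lunch on Thursday? The new place near the office is good.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, score_message(raw))
```

Each finding is a reason a human can act on rather than a bare score, which is what makes a check like this useful alongside a spam filter: the filter decides delivery, while these findings explain to the recipient why a message deserves suspicion before any link is followed.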

How to prevent phishing attacks

Spam filters are considered to be the most common way of blocking these emails from your inbox. However, attackers are coming up with new ways of avoiding these spam filters and making sure that their phishing emails are ending up at the top of your inbox.

There are a few ways in which you can try to protect yourself from phishing attempts.

  • Use multi-factor authentication to create an additional layer of security by requiring security codes to be sent to your mobile number or email address. This stops access with just the stolen username and password. On more advanced devices, your account can also be authenticated through the use of fingerprint or facial recognition only.
  • The latest security software can also help to prevent attacks, although it constantly has to be updated by the user to keep up with the latest methods of phishing. If it is not updated regularly, you could be at risk.
  • Making sure that your devices have the latest software updates installed can also help to keep you secure. On the majority of devices, these updates can be set to be carried out automatically to drastically reduce your exposure to phishing attempts.

CACI can help keep your organisation safe

Our Cloud systems can help simplify storage and collaboration whilst making sure that you are operating in the safest way possible. We only use the most secure global cloud infrastructures, so our clients know that their data is safe. We also have the ability to run full diagnostics on an organisation's technological infrastructure, which allows us to see specific points of weakness that might otherwise be missed.

Our diagnostics can also help to show how a cloud solution can organise and streamline technological systems to help save money in the long run. Find out more about what we offer by visiting our Digital Solutions page.
