Laptop and mobile graphic with emails on screen and fish surrounding
Laptop and mobile graphic with emails on screen and fish surrounding

What are Phishing Attacks?

Phishing attacks are designed to trick you into revealing sensitive information or installing malware (including ransomware) on your devices. They are carefully crafted to look genuine and appear, on the surface, to be from a legitimate source.

Phishing methods

Mass Phishing: The most common type of attack, using little personalisation. These emails usually appear to come from a recognised service provider, like a bank or HMRC and are cast out to a huge amount of email addresses.

Spear Phishing: A targeted attack which uses found or stolen information to tailor an email for an individual or group in order to make it more convincing.

Whaling: A personalised attack aimed at figures of authority in a company, with the goal of stealing their login information. This can then be used to impersonate the individual and authorise or direct fraudulent payments.

Phishing emails

Phishing emails can often look convincing initially, but there are some tell-tale signs to look out for:

Targeted Phishing Emails

Targeted phishing emails can also appear to come from colleagues, suppliers and other close business contacts.

Phishing Guide - Targeted Phishing Emails

Vishing

Voice phishing is referred to as Vishing. Criminals make telephone calls to gain access to private and financial information.

  • The caller will already have genuine information like your name, address, phone number and bank details.
  • Criminals will create a sense of fear and urgency – often that your money is in danger and you need to act quickly.
  • Fraudsters sometimes offer unsolicited prizes or present offers that are too good to be true.
  • The phone number may be spoofed so it looks like the call is coming from a legitimate source.
  • Criminals can sometimes hold your telephone line, so if you hang up and call again on the same line, you might get put straight back through to them.
  • There may be fake background noise to make it appear as if the call is coming from a call centre.

Smishing

SMS phishing is similar to email phishing, but uses text messages. As with vishing and spear phishing it can be personally targeted.

Phishing Guide - Smishing

Social Media Phishing

Criminals use social media to launch attacks that aim to steal personal data, spread malware or even hijack accounts.

Criminals set up replica accounts and then contact the victim’s friends and followers to tell them that their previous account has been abandoned. They will then use messages sent from this new account to try and trick the victim’s followers into clicking on links to websites which may steal data or contain malware.

In ‘angler phishing’ attacks, scammers steal branding and create fake customer service accounts. These are then used to respond to genuine user support requests, directing them to legitimate looking but fraudulent malicious websites.

Scammers will also attempt to imitate website admins with the aim of tricking people into giving up passwords and other sensitive information.

How to Stay Safe from Phishing

Be suspicious
Look carefully at any unsolicited communication, particularly if it encourages you to take urgent action or it seems out of character for the sender.

Don’t click on links or download attachments
If you suspect something is wrong, don’t engage with anything in the communication.

Contact the sender directly
Use details on the apparent sender’s official website and documentation rather than any given in the communication
to try and ascertain the legitimacy of the message. If you are contacted on a phone, try to use a separate device to get in touch in case the line is being held.

Report any suspected phishing activity
At work, contact us here at Breakwater IT: 01603 709301 for any suspected phishing activity on your systems and we can take action on your behalf. On your home device, please contact Action Fraud at www.actionfraud.police.uk

Something Phishy…

Download, share and use our free guide to recognising and avoiding phishing attacks.

Breakwater IT Phishing Guide
What is Phishing?

Phishing is a form of cybercrime which targets victims by email, SMS or telephone. Criminals will pose as legitimate organisations to trick you into revealing sensitive data, such as bank details or passwords. This then results in identity theft or financial loss.

What is Ransomware?

Ransomware is a type of infectious software designed to prevent you from accessing your files, databases, and applications until a request is fulfilled; this is typically a payment to the attacker.

 

What is Zero Trust?

Zero trust is a strategic approach used by organisations. It includes both employee attitude and security policies put in place, encouraging employees to validate every action they take.

Latest Guides

Microsoft 365 Monthly Feature Update. Microsoft Logo.
Microsoft 365 Monthly Feature Update
Check out our top three Microsoft 365 feature releases each month.
Microsoft File Version History
How to Restore a Previous File Version
Looking for a previous version of a file? Here's how to recover it.
Jess speaking into headset at her desk in the Breakwater office.
What is the PSTN Switch Off?
In January 2027, the Public Switch Telephone Network (PSTN) will be switched off.