What is phishing
  • 26.02.2021
  • Michael Fotis
  • Tags: Phishing

What are phishing attacks? And do they really work?

Most of us have been the target of a phishing attack at some point. Sometimes these phishing attempts take the form of a badly worded and poorly formatted email, which rather helpfully makes them easy to spot.

While it’s easy to highlight examples of poorly executed phishing attacks, and draw the conclusion that phishing doesn’t really work, the fact is that phishing attacks can be very effective. Phishing attacks are on the rise and are becoming increasingly sophisticated. And with around 91% of all cyber attacks in the UK involving phishing, taking phishing seriously is critical.

 

So, what actually is phishing?

Phishing is the act of tricking an individual through digital communication into divulging sensitive information or performing a given action. Phishing attacks are usually performed on a large number of victims at once to increase the chance of success. A successful phishing attack can lead to the exposure of sensitive data such as login details and financial information as well as giving access to online account functionality.

 

Phishing attacks (sometimes referred to as smishing when they involve text messages) commonly involve receiving an email or text message with a website link or malicious attachment. Once the link or attachment is clicked, it may initiate a malicious request to websites you are logged in to or to an attacker’s web server where the malicious action will take place. For example, the attacker might send you to their own web server, which mimics a popular web application such as Facebook or Gmail. When the victim enters their login details, the attacker collects these credentials and forwards the victim to the real site, leaving the victim none the wiser. The attacker will later use these credentials to log in to that web application and gain access to the victim’s online account.

 

What about spear phishing?

Spear phishing is a more focussed form of phishing that involves an attacker tailoring their digital medium (such as an email) for a specific target, for example the CEO of a company. Spear phishing requires more time and research for the attacker but can increase the chance of success against that particular victim. Attackers will use publicly available information, which might involve using details from social media, company websites and documentation.

 

How bad can a phishing attack really be?

Sophisticated phishing attacks can have a range of consequences. Gaining access to online user accounts can expose sensitive user information or allow the attacker to take certain actions such as bank transfers. It can often provide the attacker with information to help them launch subsequent attacks against their unlucky victims.

 

What is the best defence against phishing attacks for businesses?

The IT industry has a natural tendency to look towards technical controls, but the simplest and most effective form of defence against phishing attacks is something as simple as staff training. Your staff are on the frontline of your organisation and ensuring that they have regular, engaging and impactful cyber security training is a great first step.

 

How can Predatech help?

Predatech offers a range of security testing services, including vulnerability assessments and penetration testing, as well as certifications including Cyber Essentials which can help to protect your business against cyber attacks. Predatech also offers a dedicated phishing simulation service which can help you understand how your staff react to an attack and the extent to which an attacker can extort information and cause damage. The results of a simulation can also be used to better engage staff and to help inform training.
