In our previous article, we answered the question of ‘what a social engineering attack is’ and, more importantly, ‘why they matter to you and your organisation’. If you missed that, you can read it here. Today, we will be diving into the detail of what is arguably the most common type of social engineering attack: phishing.
Phishing is a technique in which an attacker sends malicious content to, or requests sensitive information from, their victim. Quite literally, attackers use the technique to ‘fish’ for user information. They throw a ‘hook’ through an email or link and wait for the user to ‘bite’. By simply clicking these links or attachments, the victim runs the risk of compromising their credentials, sensitive company data and, in the worst of scenarios, their whole company network.
In the majority of scenarios, phishing is used to describe social engineering attacks arriving via email. Often, email phishing is carried out through a targeted ‘spear phishing’ approach. Here, the criminal uses information from the victim’s social media profiles and other sources to create ultra-realistic emails.
This type of attack can be difficult to stop because spear phishers often use personal data about the target to make their message seem more credible. For example, if the criminal knows details about a user’s work history or hobbies, they can craft their email to look like it is about that topic. As a result, the victim is more likely to click the link or attachment and reveal the personal information the attacker wants.
Voice phishing, or vishing, is a technique that targets people through an impersonated video or telephone call, making them alert or emotional and causing them to panic. A common vishing technique that you’ve probably heard of is ‘cold calling’, where the caller pretends to be from the bank or the government, demanding money or credit card details.
With advancing technology, vishing attacks are becoming more sophisticated and now include ‘deepfakes’, where calls are created to sound and look as though a familiar person is on the call when in reality it is just artificial intelligence. This evolution can be extremely dangerous because, with increased trust, victims are significantly more likely to share confidential information such as accounts or files, or even make bank transfers to, for example, a ‘friend in need’.
Smishing is similar to email phishing, but rather than email, attackers contact the victim via SMS. The message will contain a malicious link which, when clicked, grants the attacker access to confidential systems. An attacker can spoof a phone number to look like someone else’s, which can make a victim even more likely to fall for the attack.
During the peak of the pandemic, smishing frequently took place through fake ‘positive COVID-19 test results’, ‘close contact detection’, or through fraudulent ‘vaccine booking’ messages which triggered panic and curiosity in their victims.
Phishing is one of the most common forms of cyber attack because the technique is affordable and readily available, making it easy for a hacker to carry out on a large scale. As email, phone calls and messaging platforms are used in almost every modern organisation, the attackers’ options are limitless and phishing is not forecast to slow down any time soon.
As a result, the Anti-Phishing Working Group (APWG) reported its highest ever number of incidents in Q1 of 2022, with attacks exceeding 1 million for the first time on record. Every organisation is vulnerable to the risk of phishing attacks. However, industries that are particularly vulnerable include finance, SaaS, e-commerce, retail, social media and cryptocurrency.
Sadly, the short answer to this question is that there is no way to prevent phishing attacks altogether. However, there are numerous steps you can take as an individual to dramatically reduce your chances of falling victim, including:
Alternatively, when instilling a phishing-vigilant culture within your organisation, there are two primary steps to consider:
No matter what security protocols you have installed, the people within your organisation will always be your first line of defence. We believe that if you have even the slightest of doubts about an email, it is always best to report it to your cyber security or IT team. If it is legitimate, your team will notify you of this and you can continue as usual. Would you rather leave a correspondence waiting for an hour until you are sure it is safe to proceed, or risk compromising your entire company?
Behavioural training and learning how to spot and report an incident are vital to the prevention of social engineering attacks. However, with 9 in 10 cyber incidents being a result of human error, relying on employee training alone is insecure. For ultimate security, you must also consider your technology…
Without the correct security policies and procedures in place, suspicious emails that could otherwise have been easily stopped can slip through an email server. To boost your email security, we recommend that end users apply strong passwords, implement password rotations, use spam filters to block spam and unwanted senders, and integrate desktop AV/anti-spam applications.
Enterprise-level best practice often implements email security at the server level by using a ‘secure email gateway’. In short, this is essentially a firewall for email which scans inbound and outbound traffic for malicious indicators to effectively block and quarantine these threats.
To conclude, phishing attacks are an extremely real and growing threat for every modern business. However, despite all that we have discussed, the truth is that you cannot truly stop a phishing attack. While there are steps you can take to reduce your chances of being victimized, nothing is perfect. The best way to protect yourself is to become as aware as possible, know what phishing messages look like and how they are delivered. That way you should be able to walk away from an attack unscathed.