Foration Blog

Not so phishy! The increasingly subtle email attacks exposing human frailties

Written by Paul Weeden

Founder & Managing Director at Foration. IT and technology fixer.

26 October 2016 | Paul Weeden | email security, cyber-attack, Cybersecurity, IT security

It might be one of the older forms of cyber-threat, but phishing is on the increase. The first quarter of the year saw a rise in excess of 200% from the tail-end of the previous year, with cyber-security specialists Mimecast reporting that phishing accounts for 90% of all hacking attacks. It's an alarming rise and cause for concern.

For the uninitiated, phishing is the sending of unsolicited fraudulent emails to an unsuspecting recipient, which will typically take the appearance of a legitimate company (such as your bank), seeking access to personal and sensitive data (passwords, bank details, and such like).

On the surface, it seems to be an odd phenomenon that we should be seeing a rise in such scams. After all, the perception is that, both at work and home, we’re all becoming a lot more savvy in our online use.

Everyone knows not to open email attachments they don’t recognise, or that genuine bank correspondence would NEVER ask for password details.

Don’t they?

Seemingly not.

So, why does phishing, one of the oldest online scams out there, still work?

It’s in our nature

One of the key reasons that phishing brings such prolific success for the fraudsters and the generally malevolent is its relative simplicity.

In short, it works because it preys on our human nature, and our frailties.

It works primarily on the basis that we are all susceptible to lowering our guard, even when aware of prevalent risks.

Hitting the workplace

Where phishing is having real impact is not the rogue emails to personal accounts, but concerted attacks on organisations. Phishing is the go-to technique for those intent on major disruption to infect corporate networks – such as the spate of ransomware attacks seen in the past 12 months.

It’s an environment where our human instincts appear especially vulnerable to emails that have an air of authenticity to them.

Old-school phishing might have been in the form of a look-a-like email from your bank, in which the user would click a fraudulent link to a fraudulent site, passing over personal data unaware of the scam until too late.

These days it’s a lot more subtle.

An email that references an order, or a despatch, maybe an invoice?

Dear ….

Many thanks for your recent order. It has now been despatched with your tracking details and invoice attached.

Please check and notify us as soon as possible if you have any queries.

Kind Regards

Kelly

Born Every Minute Logistics

Unit 7b, Lloyd George Business Park, Newbury

You may not fall for it at home (where you’ll be more than likely aware that you haven’t ordered anything), but at work?

What if it’s genuine? These invoices, orders and delivery notes all need to be accounted for, don’t they?

Phishing is preying on the human condition. And it’s no more acutely felt than at work, for a number of reasons:

  • Wanting to check that orders are genuine as a demonstration of being efficient in your job
  • Belief that your spam filters are 100% effective, lowering your guard to those that slip through the net
  • If you are dealing with dozens (hundreds, perhaps) of emails in a day, there’s the chance that even the most diligent will slip up once – and once is all it takes
  • Basic curiosity – we want to see what that invoice is all about, or where that ‘payment’ is coming from.

It's a simple but devastatingly effective method for causing untold harm to a company's network, and a reason that diligence, awareness and protective measures need to be front and centre when it comes to your IT security.
