Blog | Concorde Technology Group

Phishing and Spear Phishing - Avoiding the Phishing Net...

Written by Olivia Grace | Apr 28, 2021 3:11:00 PM

Centralising your business communications through online services is the most effective way to keep your business running efficiently in and out of the office.

However, with new securities, efficiencies and collaborative tools come new ways for criminals to gain access to your data.

Email phishing has seen a sharp increase in recent years. CSO noted that research conducted by Symantec estimates “every 3,722 emails in the UK is a phishing attempt”. 

With around half of all cyberattacks in the UK involving email phishing in some instances, it is imperative that businesses do more to educate their employees about the potential dangers of phishing and spearfishing. 

The Attack 

Email phishing is a form of online scam that aims to gain sensitive information or plant malicious software onto your device by impersonating the identity of another business via email. 

Phishing emails can look extremely convincing, even adopting the format, branding and language of the impersonated business’ emails.

Phishing emails are typically created to impersonate large businesses with a varied audience in the millions, such as Amazon or Paypal, and sent en masse at random. 

The intent here is to create an email common enough that it will likely apply to many people within the group, i.e. “there’s an update on your purchase…” or “you have received a payment…”.  As this message would be somewhat familiar to many users of this service, it wouldn’t necessarily seem suspicious.

Spear phishing, whilst similar in form, varies in its audience. Spear phishing attempts to target specific individuals. These individuals can be targeted for their personal information or used to gain sensitive information about the business for whom they work. 

Criminals often collect detailed profiles about the individual via social media, in order to sound as convincing as possible.

As more and more businesses adopt new hybrid models of working - particularly since the COVID-19 pandemic, which has resulted in many employees remaining partly or entirely at home - these attacks have become a more frequent threat for businesses. 

Keeping Safe

Whilst both of these cyber attacks can cause real damage to a business, they can be prevented. 

Ultimately, knowledge is key, and the better your teams can identify phishing emails before they become a problem, the safer your business will remain. 

You may want to consider a Phishing Email Assessment:

  • The intention of the assessment is to send your employees to mock phishing emails. These will look very similar to a real phishing email, without the danger of compromising your security.
  • A lot of valuable data can be collected via this test, such as the number of users that clicked links, what kind of emails were more convincing than others, and the points of insecurities you may have.
  • Concorde Technology Group offers both a broad-scale generic email phishing attack and a spear-phishing attack of specific, high-level employees. We record analytics such as the number of users that clicked links, submitted credentials, the times of all events and more. Additionally, they can offer employee training based on the assessment’s results. Find more information click here

The assessment is a great simulation of what to do once the phishing emails reach your inbox, but what more can you do? 

Phishing emails are not without their digital telling cards - ultimately, links within emails will lead to a harmful site or download. By blocking malicious DNS connections you can help further protect those employees who may miss the signs:

  • This method works by adding DNS-level filtering to your server and blocks and links that redirect to recognised malicious websites.
  • WatchGuard’s DNSWatch is an easy-to-use software that monitors your server’s activity, offering detailed analytics of potential threats and infection. Find more information here.

Concorde Technology is Here to Help

For more information regarding cybersecurity and how Concorde Technology can support you and your business, contact a member of our expert team today on 03331 300600 or email us at enquiries@tctg.co.uk

Concorde Technology Group provides world-class technology services, including Technology Solutions, Cloud Solutions, Communications and Cyber Security.