How To Protect Against Phishing Attacks
Blog posted on 4th June 2024
Learning how to protect against phishing attacks means first understanding exactly what phishing is. Social engineering is a term used to describe the deceptive tactics hackers use to manipulate staff or individuals into carrying out actions that compromise security or confidentiality. Unlike traditional hacking techniques, which may involve exploiting software or hardware vulnerabilities, social engineering exploits human psychology.
Phishing is one of the most common forms of social engineering. Most phishing attacks aim to trick people into revealing sensitive data such as banking information or business-critical data, including usernames, passwords, credit card numbers and more. A high percentage of phishing attacks are sent via email, but they also occur over other channels such as text messages, phone calls and even social media.
Types of phishing
Traditional phishing is most associated with email attacks. However, with the growth of various digital platforms, there are many different areas where hackers can cast their bait.
Here are some of the phishing techniques most commonly used:
- Email Phishing – An attacker sends an email in an attempt to imitate a known source and lead the recipient to a malicious site or to share information.
- Whaling – A phishing attack targeting a senior member of an organisation.
- Spear Phishing – Targeting individuals based on job role, seniority, and any other information a hacker has been able to obtain.
- Vishing – Also known as Voice Phishing, this is often used to aid Whaling or Spear Phishing attacks.
- SMShing – This occurs over text message, with a similar goal to other phishing attacks.
- Quishing – Powered by fake QR codes, this method has seen a rise in recent times.
How to spot phishing attempts
Social engineering has become very sophisticated and harder to identify. To ensure you or your teams are not caught out, there are a few key indicators to watch out for:
- Urgency Tactics – Attackers will commonly threaten negative consequences for inaction, hoping to rush people into making mistakes.
- Suspicious Attachments and Links – Keep an eye out for attachment file types such as .zip, .exe or .scr, and always hover over web-links before clicking.
- Grammar and Spelling – Mistakes are common in phishing emails, as they are usually sent out in high volumes to many different people.
- Generic Greetings – If a message sounds oddly generic or impersonal, this should prompt you to be careful when interacting.
- Email Handles – Be mindful of who you are receiving messages from. It’s easy for hackers to disguise the display name, but when you inspect further you’ll see the real address of the sender.
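As an added example (not part of the original post), the script below applies four of the indicators listed above to a constructed sample message: a Reply-To domain that differs from the sender, urgency wording, a link whose visible text hides a different href, and a risky attachment extension. The sample headers, domains and the `triage_message` helper are assumptions for illustration; real mail would need the full header set and a proper HTML parser.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not a real phishing email) carrying the indicators the post lists.
SAMPLE_EML = b"""From: IT Support <it-support@mail.example.com>
Reply-To: helpdesk@example-support.test
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Verify now: <a href="http://example-support.test/login">https://portal.example.com</a></p>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

UEsDBAo=
--b1--
"""

RISKY_EXTENSIONS = (".zip", ".exe", ".scr")  # file types called out in the post
URGENCY_WORDS = ("immediately", "within 24 hours", "account will be suspended", "urgent")

def triage_message(raw: bytes) -> list:
    """Return the phishing indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # Display names are easily forged: compare the real sender domain to the Reply-To domain.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")
    # Urgency tactics in the subject line or body.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = (msg.get("Subject", "") + " " + html).lower()
    findings += [f"urgency wording: '{w}'" for w in URGENCY_WORDS if w in text]
    # Masked links: visible text shows one URL while the href (seen on hover) points elsewhere.
    for href, label in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>([^<]+)</a>', html):
        if "//" in label and label.strip() != href:
            findings.append(f"link text '{label.strip()}' hides href '{href}'")
    # Suspicious attachments by file extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
    return findings
```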
Cyber awareness training
Social engineering aims to exploit the people who make up an organisation, so it’s important to educate all staff on how to protect against phishing attacks. By educating employees on how to recognise, respond to, and report phishing attempts, the risk of successful social engineering attacks can be heavily reduced.
When putting together these strategies, there are a few areas to consider:
- Cover the Basics – Explain what phishing is, the common types, and the impact of being caught out.
- Reporting Phishing Attempts – It should be clear to all staff exactly what to do when they spot a phishing attempt.
- Culture of Security – Foster a culture where open communication is encouraged, and security is everyone’s responsibility.
- Simulated Phishing Campaigns – Test the success of your previous training, and effectively tailor future campaigns by running your own phishing exercises.
- Regular Updates & Refreshers – Ongoing training should be provided to educate on new phishing techniques and trends, as well as ensuring staff remain vigilant.
Conclusion & Author:
With an estimated 3.4 billion phishing emails being sent every day, social engineering is clearly an important topic of discussion when it comes to security. Being able to effectively recognise and respond to phishing attempts is a bare minimum requirement for staff to help keep an organisation secure.
A team is only as strong as its weakest member, so it’s vital that businesses carry out regular training exercises to properly arm their staff to defend against the diverse attacks they might receive.