Tue 01 / 10 / 24
Common types of phishing attacks to be aware of
This October is Cybersecurity Awareness Month, so Chloe Miller from CC Consulting shares some of the common signs of a phishing campaign, and how your business can recognise and proactively address phishing attacks.
By Chloe Miller of CC Consulting
As business owners in Brighton and the surrounding areas look for innovative tech-led improvements, the threat of cyber attacks - particularly phishing and social engineering attacks - has never been greater.
Phishing is a type of cyber attack where malicious actors deceive individuals into divulging sensitive information (such as passwords, financial account details, or personal details). The attacker often masquerades as a trustworthy brand or person through channels like email, text messages, phone calls, or social media messages, leading unsuspecting users to share confidential data.
As technology rapidly changes, so do the tactics employed by cybercriminals, making phishing attacks harder to detect, more sophisticated, and potentially more severe. In the spirit of October being Cyber Security Awareness Month, there’s no better time to shine a light on some of the most common phishing attacks and how they can potentially disrupt and derail business operations, customer relationships, and finances. Let’s take a closer look at some emerging phishing trends to be mindful of going into the later months of 2024 and into the new year.
New and prevalent phishing techniques
Post-pandemic, businesses have adopted a plethora of tools and platforms into the workplace. While these unlock tremendous benefits and potential for companies, they also provide opportunistic cybercriminals with new attack vectors for launching phishing attacks. Here are just some of them:
1. Phishing through communication tools
As people work remotely, platforms like Microsoft Teams, Slack, and others have become vital for real-time communication and collaboration. Yet, these tools are prone to phishing attacks, where attackers send messages, false adverts, or links that seem genuine to gain trust from employees and trick them into divulging sensitive information.
2. Phishing via QR Codes (Quishing)
QR codes have been widely adopted in recent years, and unfortunately, cybercriminals have begun using them for phishing campaigns. By replacing legitimate QR codes with malicious ones, attackers can lead users to fraudulent websites that appear genuine but are anything but.
3. SMS Phishing (Smishing)
While email remains a common method for phishing attacks, SMS-based phishing or ‘smishing’ is also a common attack avenue, as text messages are often seen as more personal and secure than email. Attackers send fraudulent and deceptive text messages - that appear to be sent from reputable sources like banks - with links often leading to fake websites or downloads containing malware.
The growing sophistication of phishing attacks
Phishing attacks have evolved significantly from rather dubious mass emails to highly targeted, intricate and calculated attacks. Spear phishing, in particular, involves sending personalised messages tailored to specific people or businesses, making them harder to identify as malicious.
No industry is immune to phishing attacks. Some sectors, such as financial services and healthcare, are more fervently targeted due to the data they handle. Others like education, IT, and logistics are also prone to cyber attacks, but it is manufacturing that faces the most sophisticated threats. All industries are adopting more digital technologies in production and distribution, making them prime targets.
Artificial intelligence (AI) has further escalated the threat, with attackers now using AI to craft convincing phishing emails that can mimic the terminology, tone and writing style of otherwise legitimate business communications. This makes phishing attacks even harder to detect and distinguish from real messaging.
How to protect your business from phishing attacks
Businesses in Brighton and beyond must be proactive in their responses to phishing and other types of cybercrime. Below are some of the most important protective measures:
1. Implement Multi-Factor Authentication (MFA)
MFA adds another layer of security to your logins by requiring users to provide two or more additional forms of verification to gain access to a system or file. This can include secure email links, one-time passcodes (OTPs), SMS messages, or biometrics. Even if a password is compromised, MFA can still prevent unauthorised access.
2. Use advanced email filtering tools
Deploying advanced email filtering solutions can help detect and block phishing emails before they reach your inboxes. Machine learning (ML) features help identify and flag suspicious emails, reducing the chances of them slipping through the cracks.
3. Regularly update system software
It’s important to ensure all software and systems are regularly patched to prevent known vulnerabilities from being exploited. Routine updates can prevent attackers from gaining access through outdated systems.
4. Conduct security audits
Regular security scans and audits can help identify lesser-known vulnerabilities in your systems. These will reveal how severe such risks are and point to prevention strategies that make your business more resilient and secure.
5. Maintain awareness and transparency
Protecting your business from phishing and cybercrime isn’t just about safeguarding data. It’s about ensuring the trust and confidence of employees and customers. Awareness is key and invariably the first line of defence, which is helped by maintaining open communication about looming and evolving cybercrime.
With cyber threats an ongoing priority for organisations to be aware of and address, the strategies above can help businesses in Brighton, and nearby, to safeguard their operations.
Chloe Miller is a freelance writer specialising in marketing, business, lifestyle and wellness content to help businesses grow conversions and build a stronger reputation online. Find out more on Chloe's website here.