Finance companies are a lucrative target for cybercriminals and the most common attack method is through the employees via phishing in all its many guises.
The 2022 Cyber Security Breaches Survey found that 83% of cyber attacks on UK businesses were identified as phishing and with 63% of businesses saying that phishing attacks were the most disruptive cyber attack, all companies and employees need to be aware of this threat.
And its no wonder why finance companies are at risk; they hold the data that cyber criminals want the most, banking and personal data to enable them to get paid.
Simply it’s a way to trick you into doing something. This could be providing your secret details such as your password or 2FA credentials, visiting a dodgy website or downloading a malware infested item.
There are lots of different terms for phishing, but you don’t really need to know them, you need to know two things. The attackers want you to do something, and that contact can be through any communication method, email, text, social media, QR codes, phone calls maybe even a casual conversation with a stranger.
There are criminal groups who work on an odds basis; “If I send out 1 million emails, someone is bound to do what I want eventually”. These phishing attacks are usually quite generic and may be pretty easy to spot. Targeted attacks are much harder and can be extremely sophisticated with detailed information that you would think only the genuine person or company should know.
There is a wealth of places that information can be found on companies and their employees.
Companies need to put in place a layered approached to phishing.
The ECRC is a police-led, not for profit organisation which companies can join for free.
Our core membership provides:
Click to Open Code Editor