Among the various forms of cyber attack, “phishing” is a scamming method that tricks users into supplying sensitive information that hackers can use to access important accounts or compromise data-repeatedly reigns as a top technique. In fact, recent research revealed that 45% of UK organisations have experienced a phishing attack in the past 2 years.
Although most phishing attacks utilise the same general framework, here are some of the most common formats:
Invoice scam – this scamming method involves the attacker impersonating a supplier, partner company or bank provider and sending an email that claims your organisation has an outstanding invoice. From there, the email will request that you click on an attached link or enter payment system credentials, thus providing the attacker with access to your organisations bank account and funds.
Download scam – this phishing format requires the hacker to impersonate a trusted contact of your organisation and send an email that requests the recipient to click an attached link to be re-directed to a website or download an important attachment. However, doing so results in the hacker being able to download malicious software onto the recipient’s device and gain access to sensitive data.
Compromised account scam – in this method, the hacker impersonates a third-party company and sends an email claiming that your organisations account with the company has been compromised. The email requires recipients to log in and reset the password to their account, which then provides the hacker with access to your organisations sensitive account information.
Payment and delivery scam – this form of phishing occurs when the hacker impersonates a legitimate supplier or vendor that your organisation recently placed an order with and sends an email claiming you need to update your organisations payment information before your order can be delivered. By responding to the email, your organisations payment information and funding will be compromised.
As cyber-attack trends and techniques continue to evolve, so should your cyber insurance policy. After all, purchasing robust cyber cover is the only way to ensure ultimate protection against a costly data breach. Don’t ignore your organisations cyber risks review and update your policy to avoid the ruinous ramifications of a cyber attack, such as a phishing scheme.