Phishing attacks – what to watch for and how to defend

KPMG

According to KPMG, phishing remains one of cyber criminals’ most prolific attack methodologies, with a number of high-profile organisations from finance to media, manufacturing to engineering falling victim to the technique. Attackers use email with the aim of getting users to reveal personal information such as passwords or account numbers, which later helps them break into the system or extract funds.

Unfortunately, despite growing awareness, it can be simple for an experienced cyber scammer to lure someone into clicking on a “dodgy” link. In doing so, the attacker can instantly bypass a company’s firewall, undertake a full system takeover, or deploy ransomware. In one fell swoop, the attack could cause untold disruption, privacy breaches, financial damage, and reputational harm.

Better security defences have been developed and implemented by organisations, but threat actors keep changing the game. The technical ingenuity and levels of social engineering undertaken by scammers have risen significantly. In some cases, even trained personnel find it hard to spot a sophisticated attack.

KPMG’s Cyber Response Services (CRS) team has seen several novel phishing attack types emerge. File obfuscation, gaining the victim’s trust, and impersonation attacks are three key tools in the scammers’ kit. Here we share some of their characteristics, as well as recommendations on how to keep your organisation protected.

Read more on their website.