Contact Us

Contact Us

Please get in touch using the form below

I prefer to be contacted by:
View our privacy policy
Learn about the Microsoft 365 security misconfigurations you need to avoid. Join our webinar on 20th May.

Overview

Reduce the risk of falling victim to the latest social engineering scams

Phishing attacks target organisations of all sizes and are becoming increasingly prevalent, sophisticated and costly.

Identifying, preventing and responding to phishing attacks should be a priority for all organisations, but doing so effectively requires a layered approach to security, encompassing robust perimeter controls, employee training, regular assessments and proactive network and endpoint monitoring.

A series of spear phishing emails

Phishing

What is phishing?

Email phishing is a type of attack vector used by adversaries to trick users into performing adverse actions and/or divulging confidential information. Imitating communications from trusted individuals and businesses, spoof emails often appear legitimate and bait their targets into clicking malicious links and malware-laden attachments.

Spear phishing, also known as whaling, is a highly targeted phishing attack designed to compromise a specific individual, usually a system administrator or high authority individual such as a C-level executive. Phishing attacks are also often conducted by voice (vishing) and mobile text message (smishing).

Business Email Compromise

What is a BEC attack?

A Business Email Compromise (BEC) is a specialist type of phishing attack that is becoming increasingly prevalent. BEC attacks are designed to impersonate senior executives and trick employees, customers or vendors into wiring payment for goods or services to alternate bank accounts. According to research from the FBI, BEC attacks accounted for half of the cyber-crime losses which took place in 2019.

Distribution fraud is a closely related form of phishing attack whereby companies use fake domains to imitate well-known organisations and request quotations for high value goods. Once a quotation has been supplied, a fake purchase order is emailed to the supplier in the hope that goods will be shipped without payment being made.

Host devices being compromised by an attacker

Mitigation

Safeguarding against phishing attacks

There is no silver bullet to completely eliminate the threat of phishing. Email filtering, validation and authentication systems can help to mitigate the risk, but even the most sophisticated technologies cannot block all malicious emails. Additional safeguards should include:

Training

Phishing awareness training

Security training can play a crucial role in helping to reduce the likelihood of social engineering attacks resulting in data breaches. Employees need to understand the tactics commonly used by cybercriminals and exercise caution when receiving and sharing information.

Redscan’s top tips for identifying and avoiding email phishing scams:

  • Check email domains from suspicious mail against those from trusted contacts
  • Look for inconsistencies in font, logo and colour and unusual spelling mistakes
  • Exercise caution when viewing condensed email views on mobile devices
  • Immediately change passwords if you suspect you may have been phished
  • Conduct a phishing assessment on your organisation to test employee awareness
  • Use network and endpoint security monitoring to identify unusual user activity

Need advice or help from our friendly team?

Get in touch
A range of security assessment services

Security assessments

The importance of regular security testing

Understanding whether your business is prepared to defend against the latest threats is pivotal to a successful cyber security strategy.

Redscan’s penetration testing services, including CREST-accredited infrastructure testing, web application testing and mobile security testing, are designed to identify the latest security weaknesses and help address them before they can be exploited by malicious attackers.

Redscan’s dedicated social engineering service is designed specifically to assess employee awareness of phishing and BEC scams. Assessments can either be conducted as standalone social engineering engagements or as part of a Red Team Operation.

ThreatDetect™ MDR

The benefits of Managed Detection and Response

Continuous monitoring of IT networks is essential to ensure that breaches are identified and shut down before they lead to data loss or financial and reputational damage. However, acquiring the necessary tools and expertise needed to conduct around-the-clock security monitoring can be a problem for many organisations.

ThreatDetect™, Redscan’s award-winning MDR service can help to address these challenges. For a cost-effective subscription, ThreatDetect provides the skilled security experts, cutting-edge technology and up-to-the-minute industry intelligence needed to hunt for and shut down attacks, 24/7/365.

ThreatDetect MDR

Challenges

Other security challenges

Our Services

Our award-winning services

Redscan’s security services are designed to provide the vital assistance needed to make tangible improvements to your organisation’s cyber security posture.

ThreatDetect MDR

Managed Detection and Response

Award-winning support to rapidly detect and respond to the latest threats 24/7

Read more

Assessment Services

Specialist engagements to uncover and address hidden cyber security risks

Read more
A person choosing from a range of Managed Security Services

Managed Security Services

Expert help to manage and monitor your choice of security technologies

Read more

Get in touch

Complete the form for a prompt response from our team.

I prefer to be contacted by:
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
5th May 2021
Third parties linked to data breaches at 51% of organisations
New research has shown that 44% of organisations experienced a security breach within the last 12 months, of which 74% identified the cause as privileged access given to third parties.
26th April 2021
Emotet malware erased around the world
The Emotet botnet was permanently deleted on April 25th. This follows its takedown in January. Redscan shared advice about the last opportunity to hunt for evidence of Emotet infection and related malware.
6th April 2021
Ransomware and exchange server attacks increase significantly
New research has revealed significant surges in ProxyLogon attacks and ransomware. The research shows a 57% increase in ransomware attacks over the past six months, with the number of affected organisations rising by 9% each month to date in 2021.  
31st March 2021
Redscan research suggests NHS security improvements
Our NHS FOI analysis reveals that NHS trusts made notable improvements to cyber security in 2020, despite the pressures of COVID-19. View some of the news coverage here.