
Phishing attacks: how to stay vigilant

Author: ICAEW Insights

Published: 12 Oct 2021

Incidents of phishing attacks are on the increase as businesses adapt to hybrid working, with £754m stolen from bank customers in the first half of 2021. Here’s what to watch out for.

Phishing attacks have been a security threat ever since the early days of the internet, but the Covid-19 pandemic has created particularly ripe conditions for such scams. 

The shift towards home working has left many remote workers more vulnerable, possibly because individuals are more likely to be distracted in their home environment. Action Fraud, the UK’s national reporting centre for fraud and cybercrime, received nearly 4,000 cybercrime reports during the first month of lockdown. A Deloitte study found that a quarter of all employees reported an increase in phishing attempts to their corporate email over the past year.

Phishing trends: be aware

According to Omid Tissier, Economic Crime and Ethics Manager at ICAEW, several well-known phishing scams have been doing the rounds of late: text messages alleging to be from delivery companies about missed deliveries, requests for payment for NHS Covid passes and alleged communications from HMRC.

“These scams are all quite believable, especially the ones pertaining to be from delivery companies like Hermes. Everyone is getting deliveries at the moment, so it’s all too easy to assume it relates to a delivery that’s just been forgotten about,” Tissier explains. “Another way scammers can catch you out is to make the communication seem like it’s coming from somewhere official like a government department. The HMRC scam is quite common. Most people, seeing communication from HMRC, will panic. These are the scams that tend to have the most success.”

UK Finance, the trade association for the banking and finance sector, revealed last month that a total of £754m had been stolen from bank customers in the first half of the year.

Preying on fear

For all their different incarnations, phishing scams – via email, text or phone calls – all have one thing in common: they take advantage of people’s fear.

“Phishing scams operate by creating a sense of urgency, something the individual has to do right away,” says Tissier. “You won’t receive your parcel unless you pay the additional fee; your account access will get blocked unless you provide certain details; you need to pay this amount to the HMRC, or you’ll be investigated. They’re all trying to pressurise and scare you into giving personal details or making a payment.”

Know the signs

Given the underhand nature of these cyber threats, how can businesses ensure their employees don’t fall prey to such scams? 

Ultimately, it’s a case of raising awareness and ensuring staff know the signs to look out for. It could be an email address purporting to come from an official company that doesn’t look quite right, spelling mistakes in the message, or simply some unexpected communication.

“This is one of the tell-tale signs,” says Tissier. “Am I expecting it? Is it out of the blue? If it is, there’s a good chance it’s a scam. We’ve got to get into the mindset now that any email or message we receive could be from a fraudster. We need to be asking ourselves: ‘is this genuine? is this from who I think it is?’”

Stay suspicious

Most important of all, says Tissier, is never to give information away needlessly. Scammers will typically telephone individuals posing as companies or government departments to glean small pieces of personal information such as bank card details, passwords, etcetera. Some scams can be particularly sophisticated and can convince individuals that the call or communication is genuine. It’s why it’s essential to maintain a healthy degree of scepticism and suspicion.

As Tissier advises: “Never give any information away unless you know exactly who you are speaking to, you’ve verified the organisation they are calling from, you know what their purpose is and you have initiated the conversation with the organisation yourself.”

ICAEW Cybercrime Week 2021

ICAEW is hosting Cybercrime Week from 11-15 October with a series of webinars, videos, podcasts, a panel discussion and other resources. It explores what threats to look out for, what cyber hygiene to follow, how to respond to and recover from an attack, and how to train and support staff while creating a no-blame culture.
