
Go Phish? How To Avoid Falling Foul Of Fraudsters

As we enter National Cybersecurity Awareness Month, cyber-related fraud offences are on the rise in the UK. Cyber-related incidents made up 61% of fraud offences in the year ending March 2022, compared to 53% in the year ending March 2020 – and overall computer misuse increased by 89%.

Women made up the majority of individuals who reported cyber-dependent crime to the National Fraud Intelligence Bureau in 2022, data shows.

Almost half (47%) of reports came from women, one in three (30%) were from men and the remaining individuals did not disclose their gender.

The data also showed that 25-44 year olds are the most likely to receive a phishing message – but 35-44 year olds are most likely to click it.

Who Is Most Likely To Be Targeted?

A survey from the Office for National Statistics revealed that 35-44 year olds are the most likely age group to be targeted by phishing attacks, with the 25-34 year old age group not far behind.

60% of 35-44 year olds and 58% of 25-34 year olds reported having received a message that may have been phishing, while 5% of 35-44 year olds said they had either replied to or clicked on a link, compared to 2% of 25-34 year olds.

Aiming to raise awareness of phishing for National Cyber Security Month in October, we used the data to build a profile of those most likely to be targeted by phishing.

Phishing attack target and victim profiles

Fraudsters’ Ideal Phishing Target

  • 25-44 years old
  • Employed
  • Female
  • Private renter or homeowner
  • Lives in one of the least deprived areas of England

However, the profile for victims of successful phishing attempts was slightly different, with higher percentages of these groups saying they had replied to or clicked a link in a potential phishing message.

Most Likely Phishing Victims

  • 35-44 years old
  • Female
  • Social renter
  • Lives in one of the most deprived areas of England

Additionally, over half (54%) of survey respondents had received a message from a fraudster pretending to be from a delivery company, 32% from banks or other financial institutions, and 29% from e-commerce companies.

Cybersecurity For Individuals

Zoe Grylls, customer success manager lead at Hicomply, said: “Cyber criminals rely on creating a sense of urgency, so there are some key things that employees can look out for to recognise a phishing attempt. Is the subject line alarming? Is the content designed to evoke emotion? Curiosity, fear, greed and helpfulness are all used to create urgency so the recipient takes action immediately.

“You might be asked to click on something or give your details to avoid a negative consequence, such as missing an important delivery. As the UK cost of living crisis continues, we’re also more likely to see fraudsters posing as utility companies or other service providers. Money is a huge motivator so be careful and check the information in the message matches with the official information on a company’s website.”

Cybersecurity For Businesses

The finance industry was the most targeted in phishing attempts in the first quarter of 2022, seeing almost a quarter (23.6%) of total phishing attacks recorded worldwide. This was followed by software as a service (SaaS) and webmail at 20.5% and e-commerce and retail at 14.6%.

Zoe said: “For businesses, it’s important to invest in training. Run regular simulated phishing attacks, with targeted training if needed. Assess your organisational security awareness and use the results to decide on future training modules for your staff. You can also use tools from dedicated cybersecurity businesses like KnowBe4 or Cofense, which provides a phishing alert button employees can use to flag suspicious emails – you can then blacklist those reported email addresses if they are potentially harmful senders.”

Research company Statista found that phishing and its variations (smishing, vishing and pharming) were the most commonly reported cyber crimes worldwide in 2021, with 324,000 reports. This was almost four times the number of non-payment/non-delivery reports, the second most commonly reported cyber crime with 82,500 reports.

Methodology

  • To raise awareness of National Cybersecurity Awareness Month, researchers at Hicomply wanted to identify individuals most likely to be targeted by phishing attacks.
  • They looked at data from the Office for National Statistics and National Fraud Intelligence Bureau (see sources below).
  • Experts at the business based the profile of a person most likely to be targeted on the percentage of survey respondents that indicated they had received a message which could be phishing:
    • 59% - 25-44 years old
    • 56% - employed (vs 39% unemployed)
    • 52.5% - private renter or homeowner
    • 56% - live in one of the 20% least deprived areas of England
    • And percentage of NFIB-reported cyber-dependent crime victims (47% female) from 1 Jan 2022-28 Sept 2022.
  • Experts based the profile of a person most likely to fall victim to a phishing attack on the percentage of respondents that indicated they had clicked or replied to a potential phishing message:
    • 5% - 35-44 years old
    • 7% - social renter
    • 5% - live in one of the 20% most deprived areas of England
    • And percentage of NFIB-reported cyber-dependent crime victims (47% female) from 1 Jan 2022-28 Sept 2022.

Sources
