Phishing

From smaller fish to whales: everybody can be lured in by just the right bait.

Phishing continues to be a serious and widespread threat in cybersecurity. It targets human behaviour, manipulates trust, and adapts rapidly, posing significant risks to individuals, businesses, and public institutions. Although efforts to raise awareness have grown in recent years, phishing remains highly effective and is still one of the most commonly used attack methods. 

What is phishing?

Phishing is a social engineering attack in which cybercriminals impersonate trusted entities to trick individuals into revealing sensitive information, such as login credentials, financial details, or authentication codes. It is typically executed through deceptive emails, SMS messages (smishing), social media, fake websites, or even phone calls (vishing). 

The goal is to manipulate victims into taking action: clicking on a link, downloading a file, or entering data on a fraudulent site. From there, attackers can gain unauthorized access to accounts, deploy malware, or sell stolen information on the dark web. 

How phishing works

At its core, phishing follows a clear lifecycle: 
  1. Attack staging
     The attacker prepares fake websites, messages, or forms, often using phishing kits purchased online.
  2. Delivery
     Victims are targeted through email, SMS, malicious ads, social media, or phone calls.
  3. Credential theft
     Once the victim enters their data, it is harvested in real time.
  4. Use
     Attackers log in to the real service immediately, sometimes while the user is still on the phishing page.
Modern phishing campaigns often proxy the real login flow (adversary-in-the-middle, or AiTM). When the user submits credentials on the phishing page, a reverse proxy such as EvilProxy forwards them to the legitimate site, relays the Multi-Factor Authentication (MFA) prompt back to the user, and captures the session cookie the site issues once the user approves it. Because the attacker now holds a valid authenticated session, MFA based on one-time codes or push approvals is bypassed. Only phishing-resistant MFA such as FIDO2/WebAuthn, which binds the login to the legitimate site's origin, defeats this relay.

Types of phishing

Phishing has evolved into a wide variety of techniques, each designed to exploit trust through different communication channels and targeting strategies. Below, we have listed the most common types of phishing: 
  • Email phishing
    The most widespread form, where attackers impersonate trusted brands or contacts via deceptive emails.
  • Spear Phishing
    Personalised and targeted emails crafted for a specific individual or organisation.
  • Whaling
    Whale phishing or whaling is a type of spear phishing that specifically targets high-profile individuals like CEOs or CFOs.
  • Smishing
    SMS-based phishing, often including shortened links or fraudulent payment requests.
  • Vishing
    Voice phishing conducted over the phone, where attackers impersonate tech support, banks, or internal personnel.
  • Search engine phishing
    Fake ads or listings in search engine results that direct users to fraudulent websites.
  • Secondhand platform phishing
    Scams carried out through online marketplaces (e.g., fake payment or bank-transfer links sent to buyers or sellers on platforms such as Facebook Marketplace).
  • Social media phishing
    Fake messages or posts shared through platforms like LinkedIn or Facebook to steal credentials or spread malware.
These methods often overlap and evolve rapidly, combining tactics to increase effectiveness and bypass traditional defences. 

Why phishing remains so prevalent

Phishing continues to dominate as one of the most effective and scalable cyberattack methods due to a blend of accessibility, technological advancement, and human vulnerability. 
  • Low barrier to entry
    The rise of phishing kits and Phishing-as-a-Service (PhaaS) platforms on the dark web allows even low-skilled individuals to deploy convincing phishing campaigns with little effort or expertise. These ready-made toolkits often come with templates, hosting infrastructure, and detailed instructions.
  • High ROI for attackers
    A single successful phishing attempt can lead to unauthorised access to critical systems, stolen credentials, financial theft, or even full-blown ransomware attacks.
  • Real-time credential theft
    Advanced phishing pages can capture and transmit login information instantly, allowing attackers to access real accounts while victims are still interacting with the phishing site.
  • MFA bypass capabilities
    Adversary-in-the-middle kits such as EvilProxy relay the whole login flow and steal the resulting session cookie, defeating MFA based on one-time codes or push approvals. Only phishing-resistant methods (FIDO2/WebAuthn security keys and passkeys) are unaffected, and they are still far from universally deployed.
  • Cross-platform reach
    Beyond traditional email phishing, attackers leverage smishing (SMS), social media DMs, search engine ads, and secondhand marketplaces to widen their reach and catch users off guard.
  • AI-driven realism
    One of the most transformative trends is the use of generative AI to craft highly realistic and grammatically flawless phishing emails. These AI-generated messages are often context-aware, tailored to the recipient, and free of the common red flags people are trained to spot. This makes them significantly more effective at tricking even cautious users.
Together, these factors enable phishing to remain both a low-effort and high-impact tactic, evolving rapidly and continuing to pose a severe threat to organisations of all sizes. 
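The adversary-in-the-middle flow described in the lifecycle section and in the MFA-bypass bullet above, as an added example that is not part of this article and is not code from EvilProxy or any real phishing kit. It is a self-contained Python model: `Site`, `Victim`, the two origins and the credentials are all constructed stand-ins, and an HMAC over (challenge, origin) stands in for the authenticator's signature over clientDataJSON in WebAuthn. It shows why a relayed one-time code still yields a valid session while an origin-bound assertion does not.

```python
"""Model of an adversary-in-the-middle (AiTM) phishing proxy.

Added example; the classes, origins and credentials are hypothetical.
"""
import hashlib
import hmac
import secrets

LEGIT_ORIGIN = "https://login.example.com"       # constructed legitimate origin
PHISH_ORIGIN = "https://login.example-com.net"   # constructed look-alike origin


def sign(key, challenge, origin):
    """Authenticator stand-in: the signature covers the origin the browser saw."""
    return hmac.new(key, f"{challenge}|{origin}".encode(), hashlib.sha256).hexdigest()


class Site:
    """Hypothetical login service: password + OTP, or an origin-bound assertion."""

    def __init__(self):
        self.password = "correct horse battery"   # constructed credentials
        self.otp = "123456"
        self.auth_key = secrets.token_bytes(32)   # stands in for the user's registered key
        self.pending_challenge = None
        self.sessions = set()

    def _issue_session(self):
        cookie = secrets.token_hex(16)
        self.sessions.add(cookie)
        return cookie

    def login_otp(self, password, otp):
        """The OTP is just a string the user types, so a proxy can relay it."""
        if password == self.password and otp == self.otp:
            return self._issue_session()
        return None

    def new_challenge(self):
        self.pending_challenge = secrets.token_hex(16)
        return self.pending_challenge

    def login_assertion(self, challenge, origin, signature):
        """Like a WebAuthn relying party: reject unexpected origins and bad signatures."""
        if challenge != self.pending_challenge or origin != LEGIT_ORIGIN:
            return None
        expected = sign(self.auth_key, challenge, origin)
        if not hmac.compare_digest(expected, signature):
            return None
        return self._issue_session()


class Victim:
    """A user whose browser is on `origin`; they type credentials and approve prompts."""

    def __init__(self, site, origin):
        self.site = site
        self.origin = origin

    def submit_otp(self):
        return self.site.password, self.site.otp

    def sign_challenge(self, challenge):
        # The authenticator signs the origin the browser is really on,
        # not the one the user believes they are on.
        return sign(self.site.auth_key, challenge, self.origin)


def aitm_otp_flow():
    """Proxy relays password and OTP in real time and keeps the session cookie."""
    site = Site()
    victim = Victim(site, PHISH_ORIGIN)
    password, otp = victim.submit_otp()      # typed into the phishing page
    return site.login_otp(password, otp)     # replayed by the proxy to the real site


def aitm_assertion_flow():
    """Proxy relays a real challenge; the signature covers PHISH_ORIGIN, so it is rejected."""
    site = Site()
    victim = Victim(site, PHISH_ORIGIN)
    challenge = site.new_challenge()         # proxy fetches a genuine challenge
    sig = victim.sign_challenge(challenge)   # signed over the look-alike origin
    for claimed in (PHISH_ORIGIN, LEGIT_ORIGIN):   # proxy cannot fix the origin
        cookie = site.login_assertion(challenge, claimed, sig)
        if cookie:
            return cookie
    return None


def direct_assertion_flow():
    """Same assertion with the browser genuinely on the legitimate origin: succeeds."""
    site = Site()
    victim = Victim(site, LEGIT_ORIGIN)
    challenge = site.new_challenge()
    return site.login_assertion(challenge, LEGIT_ORIGIN, victim.sign_challenge(challenge))


if __name__ == "__main__":
    print("AiTM + OTP            -> session:", aitm_otp_flow() is not None)
    print("AiTM + origin-bound   -> session:", aitm_assertion_flow() is not None)
    print("Direct + origin-bound -> session:", direct_assertion_flow() is not None)
```

The point of the model is the last argument of `sign`: the proxy can forward every byte the user sends, but it cannot rewrite the origin inside the signed data, and the relying party compares that origin against its own. Everything a user can type or tap (codes, push approvals) has no such binding.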

Defensive measures

Combating phishing requires a combination of technology, training, and proactive defence strategies: 
  • Security awareness training
    Ongoing training and simulations help employees identify red flags, such as suspicious links, urgent requests, and impersonation tactics.
  • Email authentication
    SPF lists the servers allowed to send mail for a domain, DKIM signs messages so receivers can verify them, and DMARC ties both to the visible From: domain and tells receivers to quarantine or reject failures. Together they stop direct spoofing of your own domain, though not look-alike domains registered by the attacker.
  • Web filtering and isolation
    Secure web gateways block access to known phishing domains and malicious links; browser isolation renders untrusted or newly registered sites away from the endpoint, often in read-only mode so that credentials cannot be entered.
  • Endpoint and email security solutions
    Behavioural-based tools detect and block suspicious files, messages, and login attempts.
  • Multi-factor authentication
    MFA still stops attacks that only capture a password. Against adversary-in-the-middle phishing, one-time codes and push approvals can be relayed, so prefer phishing-resistant methods: FIDO2/WebAuthn security keys or passkeys, which bind the login to the legitimate origin and cannot be replayed from a look-alike domain.
  • Managed Detection and Response (MDR)
    An MDR partner provides 24/7 monitoring, real-time response, and in-depth threat analysis. It detects threats that bypass traditional filters and responds quickly to contain them, making it a critical layer for dealing with today’s advanced phishing campaigns.

Explore our MDR service

Looking for comprehensive cybersecurity solutions tailored to your organisation's needs? Explore our Managed Detection and Response (MDR) services. Our SOC provides scalability, cost-effectiveness, and access to specialised expertise. Our MDR services help organisations detect, analyse, and respond to cyber threats in real time, leveraging advanced threat intelligence and proactive monitoring to identify and mitigate risks like ransomware and cyber espionage. We also assist in navigating cybersecurity regulations such as NIS2, providing visibility into security telemetry and log retention. With an “assume breach” mindset, we help organisations strengthen their security posture and reduce the impact of potential threats.