Last Updated on: 22nd November 2023, 03:43 pm
Essex-based broker, Ascend Broking, is warning businesses that Britain’s got talent and is, in fact, flooded with it when it comes to fantastic impersonators and impressionists.
Phishing is now the most common type of cybercrime in the UK and occurs when a cyber-criminal impersonates another organisation or individual, either within an email or SMS text message, or on a fake website that purports to represent the ‘real’ organisation.
By convincing an individual that they are dealing with the authentic entity, be that a retailer, a bank, a delivery service or something else, the cyber-criminal manages to lure their victim into their net.
This may be through forcing them to click on a malware link or, most often, by encouraging them to enter details into an online form that will steal their bank or credit card details.
All is done through reasonably clever impersonation, in that the cyber-criminal will use logos and colours associated with the real entity they are impersonating. They may also have studied the type of SMS a delivery company often uses and give the first name of a driver who is supposedly ready to call with a parcel but needs more details. They may well replicate the style of regular email issued by a particular company.
Often, however, if you examine the email address from which the email has been sent, you will discover it is not from an address associated with the real company. You may also realise it has not come from a UK email address, having an RU, SA, JP, or some other shortened version of a country’s name in it, at the very end of the address, where you should see UK.
Another tell-tale sign that this is an impersonator is if the English or grammar used in the communication is not correct or sounds like pigeon-English. Strange spelling of words may be another giveaway.
Sometimes, the impersonation can be more convincing. A cyber-criminal may have gained access to an email system and pose as a director of the business in question. They may email a member of staff, asking they do something on their behalf – most typically transferring money. Accounts and office management staff, in particular, need a series of verification controls, to make sure they check a request is ‘real’, before making any payments.
In a world of Artificial Intelligence (AI), it is also possible to mimic the voice of a director and request an action of an employee via a phone call. Again, employees need to be very aware of this advanced tactic and ensure verification controls are again carried out in full. Just because it sounds like your boss, or looks like your boss on a video, doesn’t mean it is.
Ascend Broking’s managing director, Matthew Collins, says, “Britain’s got talent when it comes to impersonators, even if many of those carrying out the impersonations will not be located in the UK and are just pretending to be.
“Businesses of all sizes need to be on their guard and staff must be trained to question everything, ensuring that every communication is as it seems, before acting on it. No bank details or financial information of any kind should ever be revealed just on the basis of an email. Always ring whoever is supposed to have sent an email, to ensure that they have.
“Never make bank transfers out of the blue, or without carrying out all necessary checks. Examine invoices and spot whether there are any changes to them that sound alarm bells, such as a change of address or bank details. Literally, trust nobody, until you have verified what is in front of you.”
Ascend Broking says it is almost imperative that every organisation has cyber protection in place, to pick up the costs of an attack, following human error or exploitation of a technology weakness. The likelihood of this happening, to all sizes of business, is extremely high and cyber insurance is a safety net well worth having, to prevent serious financial loss.