Over half of adults admit to having been targeted in a phishing scam¹ and recent macroeconomic events such as the Covid-19 pandemic and cost of living crisis have only exacerbated the situation. But what exactly is ‘phishing’, how do you recognise it, and what’s the best way to avoid being caught out?

What is 'phishing'?

Phishing is a type of social engineering which involves sending a fraudulent message (generally an email but potentially also a text, website, advert or phone call) designed to trick individuals into revealing sensitive information and/ or data, or to deploy malicious software on the victim’s infrastructure.

It’s not just individuals who can fall victim to phishing; according to government data, phishing attacks on businesses have risen from 72% to 83% in the last 12 months.²

Why should businesses be aware of phishing?

Organisations of any size can be targeted by a phishing attack. If carried out successfully, phishing can have severe consequences for a business, including:

business disruption, with systems disabled and staff unable to work
loss of intellectual property and data
reputational damage
a drop in company value, with diminished investor confidence
regulatory fines and financial penalties where data privacy laws have been compromised.

Of all the types of breaches and attacks reported by organisations, the most common by far is phishing.

(Cyber Security Breaches Survey 2022)

How to recognise a phishing scam

Cyber criminals are using increasingly sophisticated methods to deploy phishing attacks. When being on the alert for phishing attempts, the following can be a sign:

a 'dodgy' or unrecognisable looking domain name
a claim of authority (e.g. posing as a solicitor or government department)
poor spelling or grammar
suspicious attachments or links
a sense of urgency (being given a limited time to respond)
a request for sensititve information

How can businesses protect themselves?

Employee education

A key part of mitigating successful phishing attempts is to educate employees on how best to recognise phishing and what to do in the case of an attack. It’s recommended to run training on this and ensure staff are clear on how to report a suspected attack. Naturally, remote workers should be included in any such training.

Password tools and policies

Businesses can make use of password manager tools and encourage the use of strong passwords with special characters, with regular expiration dates.

Use multi-factor authentication for company systems

This involves requiring a user to successfully provide (at least) two pieces of evidence in order to verify their identity and log in, such as a password and one time access code.

Carry out phishing simulations

Companies can run mock phishing tests where they send an email to employees designed to mirror a typical phishing attempt. This measures staff awareness levels and can indicate a need for further training/education.

How can brokers help in the fight against phishing

Brokers can act as a ‘first line of defence’ in fighting fraud. By helping to educate customers on types of fraud and reporting any instances through the appropriate channels, insurers and brokers can continue to make it tougher for cyber criminals to succeed.

Further information

You can report suspected insurance fraud confidentially via the insurance Fraud Bureau and cyber crime via Action Fraud.

10 steps to Cyber security - National Cyber Security Centre

Press release

What is index linking?

Index linking is the amount applied to insurance policies by insurers, designed to safeguard the sum insured against changes in the economic environment.

Press release

Three issues that impact the solar industry: Mounting, Monitoring and Maintenance.

There are three issues that impact the long-term productivity and sustainability of the solar industry - Mounting, Monitoring and Maintenance. We explain what these issues are, and how to minimize the risk.

Press release

Repairing the skills gap

A shortage of skills in the motor repair sector is fuelling claims costs and pushing up motor insurance premiums. As the shortage is exacerbated by the need for new skills to work on vehicles with the latest technology, the industry must work together to plug the gap.

Press release

How to reduce the risk of e-bike and e-scooter fires

As more and more people choose to use e-bikes and e-scooters for commuting and personal use, emergency services and insurers are seeing a worrying increase in fires.

Press release

Directors and officers insurance insights 2024

Brendan Husband-Whiting, senior Directors & Officers liability account underwriter at Allianz, outlines the risks directors and officers are facing and explains why insurance cover has never been so important.

Insight

Underinsurance - a continuing issue

All businesses are open to risk if they don’t have the correct level of insurance, and some, more than others, may be at risk of financial hardship as a result of being either underinsured or uninsured.

Warehouse employee with a digital device

Insight & expertise

Lithium-ion batteries – how to reduce the risk of fires in commercial buildings

Lithium-ion batteries are the main type of rechargeable battery used and stored in commercial premises and residential buildings. The risks associated with these batteries can lead to a fire and/or an explosion with little or no warning.

Insight

The top risks for UK businesses in 2024

The Allianz Risk Barometer, an annual report identifying the top corporate risks for the year ahead, has identified the top risks for businesses in 2024. Here we look at the top ten risks identified by UK participants.

Insight & expertise

Top five risks of solar energy

In this article we’ll explore the top 5 risks of solar energy, and highlight why there’s a need for stronger industry standards in the renewables field.

Insight & expertise

The risks of renewables: Top five risks of wind energy

Here we explore the top five risks associated with the use of wind energy and explain why there is a need for stronger standards within the wind power and renewables sector.

Press release

Directors and officers insurance insights 2023

Being the director, partner or officer of a company is a great way to shape a business and contribute to its success. But, as these individuals are also personally liable for the actions they take in their roles, understanding and mitigating these risks is essential.

Insight & expertise

Protecting customer data - 8 tips from Allianz

Data is a valuable corporate resource. However, data collection carries a range of potential risks that businesses must plan for, including data breaches.

Insight & expertise

Risks of being both Underinsured and Uninsured

The cost of living is at an all-time high and as a result we’re seeing evidence of businesses either reducing their cover, or cutting it completely. BIBA’s 2023 Manifesto, states that in the past year, 51% of businesses have stopped buying at least one insurance cover

Press release

Light commercial vehicles - managing the safety and technology gap

We explore the current trends in light commercial vehicles, including demand, safety, standards and managing new electric commercial vehicles.

Insight

The top risks for UK businesses in 2023

The Allianz Risk Barometer, an annual report identifying the top corporate risks for the year ahead, has identified the top risks for businesses in 2023. Here we look at the top five risks identified by UK participants.

1. Office for National Statistics. Phishing attacks - who is most at risk? 26 September 2022.

2. Gov.uk. Cyber Security Breaches Survey 2022.

Spotting something 'phishy' - keeping
businesses safe

What is 'phishing'?

Why should businesses be aware of phishing?

Of all the types of breaches and attacks reported by organisations, the most common by far is phishing.

(Cyber Security Breaches Survey 2022)

How to recognise a phishing scam

How can businesses protect themselves?

Employee education

Password tools and policies

Use multi-factor authentication for company systems

Carry out phishing simulations

How can brokers help in the fight against phishing

Further information