Phishing: what’s next? 


Royal Bank of Scotland’s Security Awareness Lead and speaker at this year’s TEISS, Lesley Marjoribanks, discusses phishing predictions we should be mindful of in 2018 and how to protect ourselves against them.  

Phishing: a longer game

Lesley says that from a banking point of view, fraudsters are playing a longer game. “Previously it was a case of smash and grab, but now fraudsters will get a foot in the door and take two or three months to build up a relationship with their victim. They get little bits of information before going in for the kill,” she explains. 


Ransomware, Lesley predicts, will continue to be one of the biggest threats delivered through phishing and will be directed at services where people can be significantly affected, such as hospitals.

Phishing as a distraction 

“We have seen distraction techniques take place within DDoS attacks, where fraudsters make it look like they’re taking the system down but actually they’re going in and manipulating payment systems,” Lesley states. She thinks we will see the same pattern in phishing – where phishing is used as a distraction for something more sinister that’s going on.  


A lot of information from LinkedIn is being used in phishing scams now. “We’ve seen a lot of emails at the end of 2017 where fraudsters have gone onto LinkedIn – getting RBS staff information, contacting customers and saying they work in security at RBS and to check their LinkedIn profiles if they don’t believe them,” she says.  

Mobile Malware 

“We don’t see fraudsters having an inroad to banking mobile apps yet,” Lesley states. She thinks mobile malware should be on our radar for 2018 because it’s only a matter of time before phishing starts making its way into mobile channels too.  


Good cyber hygiene: Lesley’s tips  

1. Know what you put on your social media profiles

You’re offering up a jigsaw for fraudsters. They get a little information from your LinkedIn profile, Facebook and Twitter feed and before you know it – they’ve got a good idea of where you live, what you do and have enough information for a compelling phishing email. Know what you have got out there.  

2. Don’t be too specific with your job title on social media 

This means removing anything which could be of interest to a fraudster whilst keeping your profile relevant and up-to-date.  

3. Hover over the sender’s email 

Make sure you hover over the sender’s email address. The email might say it’s from John Smith, but if you hover over the sender’s address and it reads as gobbledygook, you know it’s a red herring and not to be trusted.

4. Patch all your devices

Patches plug security holes on all your devices. If you haven’t applied them, you’re like a house on a street without a burglar alarm.

5. Duo authorisation

“From an internal audit point of view, make sure that your internal processes are safe. For example, if you are authorising payments – make sure that you have two people/duo authorisation involved,” Lesley advises. Two minds and instincts are better than one when dealing with key processes.

6. Free anti-malware from UK banks 

Lesley says that all high street banks in the UK offer free anti-malware software for their customers. “Make sure you get this free software that will guarantee that you are connected with a genuine bank website,” she advises.  

7. Trust your gut 

Fraudsters are clever at knowing what piques human interest and what will attract humans to click on that link. Every facet of human nature is played upon and the fraudsters know how the human psyche acts.  

However, there is hope. Lesley reveals that when speaking to people who have been victims of fraud, 9 times out of 10 it did not feel right. Her advice is to trust your gut instinct – if it doesn’t feel right, invariably it isn’t.
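Tip 3 above, hovering over the sender to compare the displayed name with the real address, is something a mail gateway or triage script can do automatically. The following is an added example, not code from the article or from RBS; the From: header values, the KNOWN_SENDERS map and the "gobbledygook" heuristic are all constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample From: header values (not taken from the article).
SAMPLE_FROM_HEADERS = [
    'John Smith <john.smith@example-bank.co.uk>',                  # looks genuine
    'John Smith <x7q2kd9z1@mail-4471x.example>',                   # gobbledygook address
    '"john.smith@example-bank.co.uk" <attacker@mailer.example>',   # address hidden in display name
    'Example Bank Security <helpdesk@other-host.example>',         # claims a bank, wrong domain
]

# Hypothetical map of organisation names (as written in display names)
# to the domain that legitimately sends their mail.
KNOWN_SENDERS = {'example bank': 'example-bank.co.uk'}


def looks_random(token: str) -> bool:
    """Crude heuristic for a 'gobbledygook' mailbox or host label."""
    letters = [c for c in token if c.isalpha()]
    digits = sum(c.isdigit() for c in token)
    if len(token) >= 8 and digits >= 3:          # e.g. x7q2kd9z1
        return True
    vowels = sum(c in 'aeiou' for c in token.lower())
    return len(letters) >= 6 and vowels / len(letters) < 0.2   # consonant soup


def analyse_from_header(header: str) -> list[str]:
    """Return the red flags found in one From: header value (empty list = none)."""
    flags = []
    name, addr = parseaddr(header)
    if '@' not in addr:
        return ['address could not be parsed']
    local, domain = addr.rsplit('@', 1)
    domain = domain.lower()
    # 1. The display name is itself an e-mail address that differs from the real one.
    shown = re.search(r'[\w.+-]+@[\w.-]+', name)
    if shown and shown.group(0).lower() != addr.lower():
        flags.append(f'display name shows {shown.group(0)} but mail is from {addr}')
    # 2. The display name names a known organisation whose real domain differs.
    for org, org_domain in KNOWN_SENDERS.items():
        if org in name.lower() and domain != org_domain and not domain.endswith('.' + org_domain):
            flags.append(f'claims to be {org} but domain is {domain}')
    # 3. The mailbox or first host label looks like random characters.
    for token in (local, domain.split('.')[0]):
        if looks_random(token):
            flags.append(f'random-looking sender component: {token}')
    return flags


def triage(headers: list[str]) -> dict[str, list[str]]:
    """Map each flagged header to its red flags; clean headers are omitted."""
    result = {}
    for header in headers:
        flags = analyse_from_header(header)
        if flags:
            result[header] = flags
    return result
```

Running `triage(SAMPLE_FROM_HEADERS)` flags the last three headers and passes the first; the heuristics are deliberately simple and should feed a human look, not replace it.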



Copyright Lyonsdown Limited 2021
