28 January 2020

Among the various forms of cyber-attack, phishing - a scamming method that tricks users into supplying sensitive information that hackers can use to access important accounts or compromise data - repeatedly reigns as a top technique. In fact, recent research revealed that 45 per cent of UK organisations have experienced a phishing attack in the past two years.

Although most phishing attacks utilise the same general framework, here are some of the most common formats:

  • Invoice scam - This scamming method involves the attacker impersonating a supplier, partner company or bank provider and sending an email that claims your organisation has an outstanding invoice. From there, the email will request that you click on an attached link or enter payment system credentials, thus providing the attacker with access to your organisation's bank account and funds.
  • Download scam - This phishing format requires the hacker to impersonate a trusted contact of your organisation and send an email that requests the recipient to click on an attached link to be redirected to a website or download an important attachment. However, doing so results in the hacker being able to download malicious software onto the recipient's device and gain access to sensitive data.
  • Compromised account scam - In this method, the cyber-criminal impersonates a third-party company and sends an email claiming that your organisation's account with the company has been compromised. The email requires the recipient to log in and reset the password to their account, which then provides the cyber-criminal with access to your organisation's sensitive account information.
  • Payment and delivery scam - This form of phishing occurs when the hacker impersonates a legitimate supplier or vendor that your organisation recently placed an order with and sends an email claiming you need to update your organisation's payment information before your order can be delivered. By responding to the email, your organisation's payment information and funding will be compromised.


As cyber-attack trends and techniques continue to evolve, so should your cyber-insurance policy. After all, purchasing robust cyber-cover is the only way to ensure ultimate protection against a costly data breach. Don't ignore your organisation's cyber-risks; review and update your policy to avoid the ruinous ramifications of a cyber-attack, such as a phishing scam.

For more information and cyber-insurance solutions, contact Verlingue today. 

┬ęZywave, Inc. All rights reserved.