Hook, line and sinker - understanding and avoiding phishing attacks


Authored by NMU

Addressing the growing threat of phishing attacks to businesses

Keeping pace with the ever evolving and increasingly sophisticated nature of cyber threats is important for all businesses. Once again, we take a deeper look at key cyber threats, identifying emerging cyber trends, and sharing our insights and understanding with brokers. 

Join us as we shine a light on the murky world of phishing attacks in 2023 and take the lid off some of the more common methods being used by cyber criminals, as well as some unwelcome new threats that we’ve spotted.

Dispelling the myths and acknowledging the facts

Surprisingly, many businesses are still under the mistaken belief that their security strategies of previous years are sufficient for today’s cyber threats, or that they can’t possibly be a target themselves. Unfortunately, we believe that they’re wrong. Ultimately, nobody is immune to cybercrime, and phishing and ransomware attacks continue to be the mainstay cyber threat that criminals employ to gain access to accounts, stealing key information in the process.

Phishing attacks and the first line of defence

To start with, you need to recognise a scam when you see it and businesses should familiarise themselves with the giveaway signs that allow you to spot when something is not above board:

  • Email address:  Check the sender's email address carefully. Phishing emails often come from fake or suspicious looking addresses. 
  • Urgency:  Phishing attacks often create a sense of urgency to make the victim act quickly without thinking.
  • Misspellings and grammatical mistakes:  Many phishing emails contain spelling and grammatical errors, as they are often sent out in large quantities without much effort put into them. 
  • Suspicious links:  Hover over any links in the email to see where they lead. If the URL looks suspicious or unfamiliar, do not click on it.
  • Request for personal information:  Legitimate companies will never ask for personal information such as passwords or credit card numbers through email. 
  • Attachments:  Be cautious of attachments, as they can contain malware or viruses.
  • Unfamiliar sender:  If you receive an email from someone you don't know, or who doesn't seem relevant to you, it's best to delete it without opening it.

Five types of phishing attacks

At present, five of the most common types of phishing include:

  • Spear Phishing: This type of attack is highly targeted and personalised, often using personal information and social engineering to make the victim more likely to fall for it.
  • Whaling: Like spear phishing but targeted towards high-level executives or individuals with access to sensitive information in a company.
  • Clone Phishing: Attackers create an almost identical copy of a legitimate email or website to trick victims into providing their personal information.
  • Vishing: A form of phishing that is done through phone calls, where the attackers’ tactics are to entice victims into divulging sensitive information.
  • Smishing: Like phishing but done through by sending deceptive text messages instead.

Today, phishing accounts for 16% of all cyber-attacks which clearly indicates that cyber security measures and staff education only go so far in protecting a business.  

Cyber insurance goes a step further and it’s a step we strongly recommend a business takes.

Cyber security only goes so far

NMU cyber insurance solution goes further 

What’s best for businesses of every size – small, medium, and blue-chip – is to plan for every eventuality, even a dreaded data breach. Any form of attack though could significantly impact a company, both financially and operationally, which is when cyber insurance could prove invaluable.

“Cyber criminals don’t discriminate between the size of the business, or sometimes even the industry, but what they do is target an organisation’s defences, or lack of defences, and unfortunately the defences of an SME’s can be weaker than the defences of a larger company due to the size of their IT security budget. Therefore, the importance of a fit for purpose cyber insurance policy is vital to protect an SME.”

Matt Drinkwater, NMU Cyber and Financial Lines Underwriting Manager

Our own product provides businesses with a simple, robust solution for a range of first party and third-party risks related to cyber-attacks, all backed by strong breach response and restorative support services.

Find out more about NMU’s Cyber insurance proposition HERE


About NMU

NMU is an award-winning provider of specialty insurance solutions

We are the first choice for brokers looking for specialty insurance, offering solutions that are not simply off-the-shelf, but built upon a real understanding of the risks faced by policyholders. This, together with our ability to write risks such as storage, installation, construction and exhibitions outside of the UK and offer terrorism cover on overseas property, sets us apart from the competition.

You can count on us, when you need us most! We are NMU

Our team of professionals based across the UK, provides customers with an in-depth product knowledge and a real personal service.

We provide bespoke insurance products that are not simply off-the-shelf solutions, but built upon a real understanding of the risks faced by policyholders as well as offering added value services to benefit our clients.

Our product and services range comprises:

Cargo InsuranceMarine cargo policies cover goods during import and export, including any incidental storage, as well as domestic distribution. Stock throughput polices can cater for all this plus other, intentional storage…read more

Freight Liability InsuranceCovering the liabilities to which hauliers, freight forwarders and warehouse keepers are exposed when they contract to move or store goods owned by others…read more

Engineering InsuranceCovering contractors’ all risks (CAR), erection all risks (EAR) and contractors’ plant; machinery movement (and installation), breakdown and business interruption; deterioration of stock; and electronic risks…read more

Marine Equipment InsuranceCovering remotely-operated and autonomous underwater equipment – ROVs, AUVs and the like…read more

Terrorism and Sabotage InsuranceStandalone terrorism cover can be a more flexible and cost-effective alternative to traditional placement routes…read more

Motorsport InsuranceDesigned for commercial risks, our motorsport policy offers 24/7 cover for teams at all levels across all disciplines…read more

Cyber InsuranceProviding SMEs with a simple, robust solution for cyber liabilities, cybercrime and restorative support…read more

Risk ControlWhilst we pride ourselves on our claims service, there is far more benefit to policyholders in preventing loss and damage in the first place…read more

Online FacilitiesTo complement our award-winning service, we use online facilities to assist NMU policyholders and brokers alike…read more

Claims ManagementWe pride ourselves on prompt and efficient claims management, which is supported by the use of independent surveyors and adjusters to quantify larger losses and to give advice on mitigation measures…read more

Latest video

NMU video: Celebrating 40 years in business

Authored by NMUA lot has changed over the last four decades – the way we work and communicate, the risks we insure, the technology we use to provide the best... click here for more