How to prevent the 83% of phishing attacks businesses suffered last year


Authored by NMU

With week two of Cyber Security Awareness Month 2021 underway, we’re taking a closer look at phishing attacks and scams, which have thrived since the pandemic began back in March 2020. As we covered in our previous blog, remote working has exposed a huge cyber security weakness for many organisations, with employee’s unsecured personal devices posing a particular risk.

Phishing is in no way a new threat to businesses. It has existed for many years and yet still continues to be one of the most popular types of scam employed by cyber criminals. For those unfamiliar with the term, phishing scams commonly involve sending fraudulent emails, or directing victims to fraudulent websites in order to obtain logins or other sensitive information. Looking at recent statistics, UK Government figures show that phishing was by far the most common form of attack faced by businesses over the last year, with 83% of businesses and 79% of charities experiencing a phishing scam. During 2021, a number of phishing scams have become wide-spread and even garnered media attention, such as the rise in Royal Mail related SMS phishing scams.

How to protect against phishing

With phishing attacks so prevalent and some being incredibly convincing on the surface, what can businesses do to protect themselves? Educating their staff about how to spot these phishing scams is vital, as is promoting vigilance. With this in mind, here are some top tips about how to identify phishing scams:

  • Don’t fall for ‘urgent’ emails – these typically use scare tactics to trick victims into taking immediate action.
  • Never click links or download attachments from an unexpected email or text.
  • If you receive a suspicious email from an official organisation, report this to the organisation via their website.
  • If you are prompted to make a payment or charity donation, type the organisation’s web address into your browser rather than following an email link.
  • Hover but don’t click on email links – if the alt text does not match the display text or appears strange, do not click.
  • Check your accounts regularly to ensure no changes have been made without your knowledge, this will make spotting phishing attacks easier.

Friendly spear phishing

One specific form of phishing attack that has become more popular in recent years with the rise of social media is friendly spear phishing. In these phishing attacks, a specific individual is identified (typically via social media) and then targeted by cybercriminals. In these attacks, criminals often use fake or hijacked social media accounts to engage in friendly conversations with victims, as a way of lowering their guard. Once they believe that trust has been established, the scammer will send a Microsoft Word document and ask the victim for them to review and advise. Upon opening the document, the victim will be prompted to  enable macros, if they do, their system will download and install dangerous malware. In order to protect against this sophisticated phishing scam, here are some things that you can do:

  • If an individual you’re talking to sends you files to download, consider if they seem out of character. Are they using the same language and grammar as usual, or does something seem off?
  • Before enabling macros for a file, contact the sender via phone or text to verify who created the file, what it contains and why you need to enable macros.

Educating staff about how to detect phishing scams is one of the best lines of defence available to organisations, along with promoting vigilance and easy-to-follow guidelines. But unfortunately there is always a chance that a phishing attack will be successful, infiltrating an employee’s device or compromising a business’s website. In these instances, it’s vital that businesses have protection, which is where our CyberSafe solution can help. Our product provides businesses with a simple, robust solution for cyber liabilities, cybercrime and includes restorative support from ReSecure.

Contact us

For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team;

Matt Drinkwater, Cyber & Financial Lines Underwriting Manager – 07748 676262
Cliff White, Underwriter – 07971 923108
John Kellett, Underwriter – 07568 432512


About NMU

NMU is an award-winning provider of insurance solutions across a range of product lines.

Established in 1982 to actively trade in the provincial market, NMU provides a range of innovative insurance solutions backed up by award winning service. NMU have since grown to become a leading player, with a network of strategically placed offices.

At the heart of our business are competitiveness, service, attention to detail, innovation, flexibility and the fair treatment of customers. What sets us apart, is our ability to provide bespoke insurance solutions that are not simply off the shelf, but built upon a real understanding of the risks faced by policy holders.

We provide insurance solutions to more than 15,000 customers. Our range of products encompasses:

  • Cargo: imports and exports, storage, distribution
  • Marine Equipment: ROVs, AUVs
  • Freight Liabilities: haulage, freight forwarding, warehouse keeping
  • Engineering: construction and plant, machinery, deterioration of stock, computer equipment
  • Terrorism: property damage and business interruption
  • Marine Trade: Public liability, employers’ liability, buildings, contents, business interruption and other covers for the marine trade industry
  • Motorsport: vehicles, trailers, tools and equipment

With offices in Dublin, Belfast, Glasgow, Leeds, Manchester, Birmingham, LiverpoolLondon and Maidstone, NMU are ideally placed to understand and meet the needs of brokers across the UK and Ireland.

Latest video

NMU Video: You can count on us when you need us most! – We Are NMU

Since the nation moved to working remotely, we immediately and seamlessly continued to support our insurance broker partners with our mutual clients’ insurance... click here for more