POSTED: June 24 2025
Understanding Cybersecurity Phishing: What You Need to Know


Advo IT expert, Colin Middleton, outlines some of the most common online challenges faced by both employers and employees.

Phishing is one of the most common and dangerous cyber threats facing individuals and organisations today. It involves the use of deceptive emails, messages or websites designed to trick people into revealing sensitive information such as passwords, credit card numbers, or login credentials.

How Phishing Works

Phishing attacks often appear to come from trusted sources—such as banks, employers or well-known websites. The message usually contains a sense of urgency (“Your account will be locked!”) and encourages the recipient to click a link or download an attachment. These links typically lead to fake websites that mimic genuine ones, tricking users into entering their private information.

Types of Phishing Attacks

  • Email Phishing: The most common type, using fake emails to lure users.
  • Spear Phishing: A targeted form that uses personal details to appear more convincing.
  • Smishing and Vishing: Phishing via SMS (smishing) or voice calls (vishing).
  • Clone Phishing: Replicates legitimate messages with malicious changes.

Example 1: Fake Bank Alert (Email Phishing)

You receive an email claiming to be from your bank with the subject: “Urgent: Unusual Activity Detected on Your Account.” The message says your account will be suspended unless you click a link to verify your identity. However:

  • The sender’s email is support@secure-bank123.com (not the real domain).
  • The link leads to a fake login page.
  • There are grammatical mistakes and an impersonal greeting like “Dear customer.”

These are clear signs of phishing.

Example 2: Fake Delivery Notification (Smishing)

You get a text message that reads:
“Royal Mail: Your parcel is waiting for delivery. Please pay £1.99 to schedule delivery” with a link to a fake payment page.
The URL might look like: royalmail.delivery-confirm.net, which is not an official domain.

  • Legitimate delivery services rarely ask for payment via SMS.
  • The sense of urgency is used to trick you into acting quickly.

This is a classic smishing attempt.

Example 3: CEO Requesting Gift Cards (Spear Phishing)

An employee receives an email that seems to come from their CEO:
“Hi, I’m in a meeting and need you to quickly purchase £500 in gift cards for a client. Send me the codes ASAP.”
It looks genuine at first glance, but:

  • The reply-to email is ceo.company@gmail.com, not the CEO’s actual work email.
  • The request is unusual and rushed.

This is a spear phishing attack targeting specific employees in the organisation.

Example 4: Duplicate Company Email (Clone Phishing)

You previously received a genuine email from your IT department with a subject line: “Important: Upcoming Password Policy Update.” A few days later, you receive what looks like the exact same email—with the same layout, branding and sender name. However:

  • The link in the second email is slightly different, leading to a fake login page.
  • The original email address has been spoofed or subtly changed (e.g. it-support@yourcompany.com vs it.support@yourcompany-security.com).
  • The cloned message arrives unexpectedly, without explanation.

Because the email closely resembles a legitimate one, users are more likely to trust it—making clone phishing especially dangerous.

How to Protect Yourself

  • Be cautious of unexpected emails, texts or requests.
  • Check the sender’s details carefully.
  • Hover over links to preview the URL before clicking.
  • Enable multi-factor authentication (MFA) for important accounts.
  • Keep devices and security software up to date.
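The sender and link checks above can be made mechanical. The script below is an added example written for this page, not code from Advo or the article's author. It applies two of the tips ("check the sender's details" and "preview the URL before clicking") to constructed messages modelled on Examples 1 to 4. It assumes an allow-list of trusted domains (yourcompany.com and royalmail.com from the examples, plus the placeholder bank.example standing in for the real bank domain the article does not name) and uses a deliberately small list of two-label public suffixes; a real deployment would use the full Public Suffix List.

```python
from urllib.parse import urlparse

# Assumed allow-list: domains this organisation treats as genuine.
# "bank.example" is a placeholder for the real bank domain the article does not name.
TRUSTED_DOMAINS = {"bank.example", "royalmail.com", "yourcompany.com"}

# Consumer webmail domains that no bank or company executive uses for official mail.
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

# Minimal set of two-label public suffixes so "something.co.uk" is handled.
# A production tool would load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk"}


def registrable_domain(host):
    """Return the part of a hostname that its owner actually registered.

    royalmail.delivery-confirm.net -> delivery-confirm.net (Royal Mail is only a subdomain label)
    login.bank.example             -> bank.example
    www.example.co.uk              -> example.co.uk
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url):
    """Warnings for a URL the user is about to click (the 'hover over links' tip)."""
    warnings = []
    host = urlparse(url).hostname or ""
    domain = registrable_domain(host)
    if domain not in TRUSTED_DOMAINS:
        warnings.append(f"link goes to untrusted domain {domain}")
        # A trusted brand name inside the hostname that is not the registrable
        # domain is the subdomain/lookalike trick from Examples 2 and 4.
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in host:
                warnings.append(f"host {host} contains brand '{brand}' but is registered as {domain}")
    return warnings


def check_sender(from_addr, reply_to=None):
    """Warnings about the From and Reply-To addresses (the 'check the sender' tip)."""
    warnings = []
    from_domain = registrable_domain(from_addr.split("@")[-1])
    if from_domain not in TRUSTED_DOMAINS:
        warnings.append(f"sender domain {from_domain} is not a trusted domain")
    if reply_to:
        reply_domain = registrable_domain(reply_to.split("@")[-1])
        if reply_domain != from_domain:
            warnings.append(f"replies go to {reply_domain}, not {from_domain}")
        if reply_domain in FREE_MAIL_DOMAINS:
            warnings.append(f"reply-to uses free webmail ({reply_domain})")
    return warnings


def triage(message):
    """Run both checks over one message and return every finding."""
    findings = []
    if "from" in message:  # an SMS has no From header, so the key may be absent
        findings.extend(check_sender(message["from"], message.get("reply_to")))
    for url in message.get("links", []):
        findings.extend(check_link(url))
    return findings


# Constructed messages modelled on the article's examples (addresses and URLs
# are illustrative; the "genuine" one shows what a clean result looks like).
SAMPLE_MESSAGES = {
    "fake bank alert": {"from": "support@secure-bank123.com",
                        "links": ["https://secure-bank123.com/verify"]},
    "fake delivery text": {"links": ["https://royalmail.delivery-confirm.net/pay"]},
    "ceo gift cards": {"from": "ceo@yourcompany.com",  # display address spoofed
                       "reply_to": "ceo.company@gmail.com"},
    "cloned policy email": {"from": "it.support@yourcompany-security.com",
                            "links": ["https://yourcompany-security.com/reset"]},
    "genuine policy update": {"from": "it-support@yourcompany.com",
                              "links": ["https://intranet.yourcompany.com/policy"]},
}


def scan_all(messages=SAMPLE_MESSAGES):
    """Map each message name to its list of findings (empty list means no red flags)."""
    return {name: triage(msg) for name, msg in messages.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        print(f"{name}: {'no red flags' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

The point of `registrable_domain` is that a brand name can appear anywhere to the left of the registered domain, so "royalmail" at the front of a hostname says nothing about who owns the site; only the registered part counts. The Reply-To check catches the gift-card pattern, where the visible sender looks right but any reply silently goes to a webmail address.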

Phishing is a growing threat, but by staying alert and thinking critically, you can protect yourself and others from falling victim.

If you are ever in doubt, consult your local IT Support Team.

PLEASE NOTE THAT ADVO CAN RUN ONLINE IT SECURITY AWARENESS COURSES.