Social Engineering: Phishing, Smishing & Vishing

In today’s world, unfortunately there are many different types of cyber threat. According to the Cyber Security Breaches 2023 Survey from Gov.UK it is estimated that, across all UK businesses, there were approximately 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime over the last 12 months.

Each day hackers are getting more advanced by evolving their attack methods to exploit you and your business. In this blog we will be focusing on social engineering, what it is, how to safeguard yourself, and what methods you can put in place to prevent an attack.

What is Social Engineering?

The aim of social engineering is to gain the trust of the targeted person so that they lower their guard and can then be easily encouraged into divulging personal information, clicking weblinks, or opening attachments that may be malicious.

Vishing, Smishing and Phishing

As a business owner, your accounts team will likely have access to your employees' personal information such as their dates of birth, national insurance numbers and bank account information, as well as your company bank details and private documents.

However, even your most trusted employee can be easily fooled.

Vishing

Unfortunately, scammers are getting more advanced, using AI technology such as voice changers to easily trick your staff into divulging information.

This is called Vishing, a new method of phone-based social engineering where the hacker impersonates the unsuspecting victim to gain information such as bank details, credit card information and so on, to help them in their attempt at identity theft.

Smishing

Smishing is another form of fraud using SMS text messages which, like phishing, targets the individual by asking them to click a link that is malicious, or to coax them to give private information such as bank details.

Phishing

Phishing is where a fake email is sent pretending to be from a trusted person or company.

The email will ask for details such as usernames, passwords, bank account or credit card details. A link is usually included in the email, which takes you to a fake website where malware has been installed, which can cause serious disruptions to the victim’s computer.

In worst-case scenarios, the malicious website strips sensitive information from the device, or can take over the device completely.

Never click a link from an unknown sender!

How can I protect my business?

There are several ways to protect your business against potential scams. Putting regular cyber security refreshers in place from companies such as CybSafe is an excellent way of keeping your workforce up to date with their cyber awareness.

When was your last cyber review?

Gather Technology can provide businesses with a Cyber Security Risk Review.

This independent audit of your immediate security profile includes, but is not limited to, industry benchmarking and an external vulnerability assessment along with other critical safeguarding measures. Your detailed report will highlight all points of interest and a remedial action plan to secure your data.

To book your Cyber Security Risk Review with our IT Experts click here.

Another way Gather can help support your business is by helping you to obtain Cyber Essentials certification.

Cyber Essentials is a government-approved scheme that helps protect businesses of any size against common cyber threats and demonstrates your commitment to cyber security.

As detailed on the National Cyber Security Centre website, the following controls are outlined in Cyber Essentials together with more information about how to implement them:

  • boundary firewalls and internet gateways: establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
  • malware protection: establish and maintain malware defences to detect and respond to known attack code
  • patch management: patch known vulnerabilities with the latest version of the software to prevent attacks which exploit software bugs
  • allow listing and execution control: prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
  • secure configuration: restrict the functionality of every device, operating system and application to the minimum needed for business to function
  • password policy: ensure that an appropriate password policy is in place and followed
  • user access control: include limiting normal users’ execution permissions and enforcing the principle of least privilege

Gather Technology are proudly Cyber Essentials Plus certified and are ready to support you to achieve this accreditation for your business.

Email [email protected] today for more information.

