Phishing Attacks | Smart Thinking Solutions

It would have been difficult to miss the fact that Marks and Spencer, the Co-Op and Harrods have all suffered serious cyber-attacks recently. There has been speculation that the attacks originated from a phishing attack, as the hacking group DragonForce bragged in an email that they had hacked an employee of the IT support company M&S uses.

The BBC has some good advice for anyone who thinks they may have been affected by this cyber-attack – better than the trickle out of the hacked businesses (the advice is towards the bottom of the article).

M&S hackers sent abuse and ransom demand directly to CEO – BBC News

Do you need to worry about phishing attacks?

Yes. End of article.

But you argue…

“The latest UK Government survey says phishing attacks have decreased.”

It is true that the Department for Science, Innovation and Technology’s “Cyber security breaches survey 2025” does show a small decrease in the number of phishing attacks reported by small and micro businesses – however, this is not the whole story. When you look at the statistics for the most prevalent active cyber-attacks, phishing attacks far outnumber any other type. (Department for Science, Innovation and Technology 2025)

Why is phishing a popular cyber-attack?

There are multiple reasons but here are my top three:

The first reason is that it works – just ask His Majesty’s Revenue and Customs and the UK Government, who lost £47M because of a phishing attack. (Masud 2025)

Second, it is relatively cheap to implement and again as HMRC can confirm, it can net big rewards.

Thirdly, phishing emails can be used to collect M365 and other valuable credentials from unsuspecting victims and this information can be sold on the Dark Web and/or lead to further, more sophisticated (and profitable) cyber-attacks such as ransomware.

Your Takeaway

If the hackers are relying on one of your team opening a phishing email, then training your team to know what a modern phishing attack looks like should be your priority. If you would like us to deliver that training – get in touch. Before the hackers succeed!

Clive Catton MSc (Cyber Security) – by-line and other articles

References

Department for Science, Innovation and Technology. 2025. “Cyber security breaches survey 2025.” GOV.UK, April 10. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025#chapter-4-prevalence-and-impact-of-cyber-breaches-or-attacks.

Masud, Faarea. 2025. “Scammers stole £47m from HMRC in phishing attack.” BBC News, June 4. https://www.bbc.co.uk/news/articles/cvgnz3r2m7eo.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Do you need to worry about phishing attacks?

But you argue…

Why is phishing a popular cyber-attack?

Your Takeaway

References

Further Reading