[email protected] +44 (0)20 7917 9527
Book your demo
Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Cyber Police Departmental Cyber Security Training
Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Blog News Room Webcasts
Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Leadership Team

Meet the MetaCompliance Leadership Team

Careers

Join Us and Make Cybersecurity Personal

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

head background

THE ULTIMATE GUIDE TO PHISHING

Don't let you staff take the bait!

Download the eBook
head image
subhead background

What is Phishing?

In today’s increasingly digital world, so much of what we do, whether it’s for business or pleasure, is carried out online. This increase in online activity has resulted in a massive explosion in cybercrime.

Cybercrime has become a powerful tool for criminals looking to steal our personal data and extort money. The speed, anonymity and convenience of the internet has enabled criminals to launch highly targeted attacks with very little effort.

According to a recent report from cybersecurity firm Norton, cybercriminals stole a total of £130bn from consumers in 2017, including £4.6bn from British internet users.

The most successful and dangerous of all the cyber-attacks is phishing. Research has found that 91% of all cyber attacks start with a phishing email.

Phishing continues to be the most common form of cyber-attack due its simplicity, effectiveness and high return on investment. It has evolved from its early days of tricking people with scams of Nigerian prince’s and requests for emergency medical treatment. The phishing attacks taking place today are sophisticated, targeted and increasingly difficult to spot.

count image

The staggering number of emails sent every day around the world means that it's an obvious attack method for cybercriminals. Radicati Group have estimated that 3.7 billion people send around 269 billion emails every day.

whatisphishing icon email

Researchers at Symantec suggest that almost one in every 2,000 of these emails is a phishing email, which means around 135 million phishing attacks are attempted every day.

Types of Phishing Attacks

Phishing attacks come in many different forms but the common thread running through them all is their exploitation of human behaviour. The following examples are the most common forms of attack used.

spear phishing

Spear Phishing

Spear - Phishing is a more targeted attempt to steal sensitive information and typically focuses on a specific individual or organisation. These types of attack use personal information that is specific to the individual in order to appear legitimate.

The cybercriminals will often turn to social media and company websites to research their victims. Once they have a better understanding of their target, they will start to send personalised emails which include links which once clicked, will infect a computer with malware

vishing

Vishing

Vishing refers to phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.

The call will often be made through a spoofed ID, so it looks like it's coming from a trustworthy source. A typical scenario will involve the scammer posing as a bank employee to flag up suspicious behaviour on an account. Once they have gained the victim’s trust they will ask for personal information such as login details, passwords and pin. The details can then be used to empty bank accounts or commit identity fraud.

whaling

Whaling

What distinguishes this category of phishing from others is the high-level choice of target. A whaling attack is an attempt to steal sensitive information and is often targeted at senior management.

Whaling emails are a lot more sophisticated than your run of the mill phishing emails and much harder to spot. The emails will often contain personalised information about the target or organisation, and the language will be more corporate in tone. A lot more effort and thought will go into the crafting of these emails due to the high level of return for the cybercriminals.

smishing

Smishing

Smishing is a type of phishing which uses SMS messages as opposed to emails to target individuals. It is another effective way of cybercriminals tricking individuals into divulging personal information such as account details, credit card details or usernames and passwords. This method involves the fraudster sending a text message to an individual’s phone number and usually includes a call to action that requires an immediate response.

whatisphishing icon 369

Clone Phishing

Clone Phishing is where a legitimate and previously delivered email is used to create an identical email with malicious content. The cloned email will appear to come from the original sender but will be an updated version that contains malicious links or attachments.

How Phishing can Damage Your Business

Attacks against businesses have almost doubled in the last five years and the damage from a phishing attack to a business can be devastating. Over the years, businesses have lost billions as a result of phishing attacks. Microsoft estimates that the potential cost of cyber-crime to the global community is a staggering 500 billion and a data breach will cost the average company about 3.8 million.

Despite having the strongest security and defence technologies in place, cybercriminals will often exploit the weakest link in a company’s defences which is often its employees. Just one human error can result in a massive loss of sensitive data.

Research from Cisco found that 22% of breached organisations lost customers in the immediate aftermath of an attack, demonstrating just how seriously consumers take the security of their data.

A successful phishing attack can result in:

identity theft p7n2e0bapmiutx874lsh4tx2ol74v2ecqx7dkiiosg.png

Identity Theft

theft of sensitive data p7n2cuyecwy8n2w9u3ww34csjmuzgdu5x8i0gc80e8.png

Theft of Sensitive Data

theft of client information p7n2d68gmxdoiefw08sex1ibo9be0r2xysbu7nrabk.png

Theft of Client Information

loss of usernames and passwords p7n2digd3ruepby50w2kbgfbe9n5stfgcgt5g9962o.png

Loss of Usernames and Password

loss of intellectual propety p7n2do3e8s24mzpy3yibqf02ykvd301ud8q2bx0t1c.png

Loss of Intellectual Property

theft of funds p7n2d0lfhx5ykqo2x6cni2xk3y36qkgjy0exbzzncw.png

Theft of Funds from Business and Client Accounts

reputational damage p7n2dctbyrmoro6bxtmswhujtyeyimt2bow8klhj40.png

Reputational Damage

unauthorised transactions p7n2codj12p8dt5twj2i3o0kdxreyi41kbxm3ehrls.png

Unauthorised Transactions

credit card fraud p7n2edh1db0vcgp2zrh93qlizze9utulgqc6adz6dc.png

Credit Card Fraud

installation of malware and ransomware p7n2dtqfds9uknhr70y35dkuiw3kd6o8e0mz7ksg00.png

Installation of Malware and Ransomware

access to systems to launch future attacks p7n2ek1wp59vlqfixcbn36xr5ohucpkptmwknbpf5s.png

Access to Systems to Launch Future Attacks

data sold on to criminal third parties p7n2e6w61grv36yn26mv4a9auaapcy4h3trrxg8xkw.png

Data so to Criminal Third Parties

It is vital that businesses take steps to ensure they are doing all they can to educate staff on the dangers of a phishing attack. Training employees in how to effectively recognise a phishing attempt is key in mitigating the risk to an organisation.

For further information on how you can protect your business from phishing attacks, click here.

For further information

on how you can protect your business from phishing attacks

Download Now

Top Tips to Spot Phishing Attacks

Identifying a phishing email has become a lot harder than it used to be as the criminals have honed their skills and become more sophisticated in their attack methods. The phishing emails that we receive in our inbox are increasingly well written, personalised, contain the logos and language of brands we know and trust and are crafted in such a way that it is difficult to distinguish between an official email and a dodgy email drafted by a scammer.

McAfee estimates that 97% of people around the globe are unable to identify a sophisticated phishing email so the cyber criminals are still successfully tricking people into giving away personal information or downloading malware. Despite the increasing sophistication and convincing nature of these emails, there are still some giveaway signs that may alert us to the presence of a phishing email.

top head image

1. A mismatched URL

One of the first things to check in a suspicious email is the validity of a URL. If you hover your mouse over the link without clicking on it, you should see the full hyperlinked address appear. Despite seeming perfectly legitimate, if the URL does not match the address displayed, it is an indication that the message is fraudulent and likely to be a phishing email.

2. The email requests personal information

A reputable company will never send out an email to customers asking for personal information such as an account number, password, pin or security questions. If you receive an email requesting this information, it is likely to be a phishing email and should immediately be deleted.

What is a Ransomware email? 5 tips for how to detect one. How to spot a phishing scam

3. Poor spelling and grammar

Cybercriminals are not renowned for their top-quality spelling and grammar. Whenever legitimate companies send out emails to customers they are often proofed by copywriters to ensure the spelling and grammar is correct. If you spot any spelling mistakes or poor grammar within an email it is unlikely to have come from an official organisation and could indicate the presence of a phishing email.

Characteristics of a phishing attack

4. The use of threatening or urgent language

A common phishing tactic is to promote a sense of fear or urgency to rush someone into clicking on a link. Cyber criminals will often use threats that your security has been compromised and that urgent action is required to remedy the situation. Be cautious of subject lines that claim your account has had an “unauthorised login attempt” or your “account has been suspended”. If you are unsure if the request is legitimate, contact the company directly via their official website or official telephone number.

5. Unexpected correspondence

If you receive an email informing you that you have won a competition you did not enter, or a request that you click on a link to receive a prize, it’s highly likely to be a phishing email. If an offer seems too good to be true, it usually is!

How to protect yourself against Phishing Attacks

suspicious links icon

1. Never click on suspicious links

The most common type of phishing scam involves tricking people into opening emails or clicking on a link which may appear to come from a legitimate business or reputable source.

By creating a sense of urgency, users are tricked into clicking on a link or opening an accompanying attachment. The link may direct you to a fake website where you are prompted to enter your personal details or take you to a website that directly infects your computer with ransomware.

Legitimate businesses will never send emails requesting you click on a link to enter or update personal data.

Simulated Phishing Tests for Employees
educate staff icon

2. Educate Staff

Companies may have the strongest security defence systems in place, but it offers little protection if cyber-criminals are able to bypass these traditional technological defences and get straight to an employee to trick them into divulging sensitive information.

Over 90% of all successful cyber attacks are a result of information unknowingly provided by employees. As networks become harder to breach, hackers are increasingly targeting what they perceive as the weakest link in a company’s defences – its employees!

As hackers hone their techniques and become more targeted in their attacks, it’s important to educate staff and provide regular training on what they should be looking out for and how they can play their part in preventing a cyber-attack.

Don't let your staff take the bait!

MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. If you would like more information on how this can be used to protect and educate your staff.

Phishing & Ransomware
post online icon

3. Be careful what you post online​

The internet and social media has transformed how we communicate with each other on a day to day basis, however this culture of sharing has provided cyber criminals with an easy way to profile potential victims ensuring their phishing attempts are more targeted and harder to spot.

Hackers are turning to social media sites to access personal information such as age, job title, email address, location and social activity. Access to this personal data provides the hackers with enough info to launch a highly targeted and personalised phishing attack.

To reduce your chance of falling for a phishing email, think more carefully about what you post online, take advantage of enhanced privacy options, restrict access to anyone you don’t know, and create strong passwords for all your social media accounts.

Read our guide to protecting yourself from hackers

To reduce your chance of falling for a phishing email, think more carefully about what you post online, take advantage of enhanced privacy options, restrict access to anyone you don’t know, and create strong passwords for all your social media accounts.

Protecting Yourself from Hackers
protect hackers icon
secure site

4. Verify the security of a site

Before entering any information into a website, you should always check that a site is safe and secure. The best way to do this is to look at the URL of a website. If it begins with a “https” instead of “http” it means the site has been secured using an SSL Certificate (S stands for secure). SSL Certificates ensure that all your data is secure as it is passed from your browser to the website’s server. There should also be a small padlock icon near the address bar which also indicates the site is secure.

click on link

5. Install Anti-Virus Software

Anti-virus software is the first line of defence in detecting threats on your computer and blocking unauthorised users from gaining access. It is also vital to ensure that your software is regularly updated to ensure hackers are unable to gain access to your computer through vulnerabilities in older and outdated programmes.

Protecting your from Phishing Attacks

Request A Demo

Request a free demo today and see how our world-class cyber Security Awareness Training could benefit your organisation.

The demo only takes 30 minutes of your time and you don’t need to install any software.

Request Demo - Master

Request Demo - Header Test

Find out how we keep your data safe – read our privacy policy

Download the eBook

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations

[LP] Ultimate Guide to Phishing eBook

Find out how we keep your data safe – read our privacy policy

Download Confirmation

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations

Find out how we keep your data safe – read our privacy policy.

Request A Demo

Request a free demo today and see how our world-class cyber Security Awareness Training could benefit your organisation.

The demo only takes 30 minutes of your time and you don’t need to install any software.

Find out how we keep your data safe – read our privacy policy.