Why employees are more at risk of a phishing attack in 2019 than ever before

Senior Support Analyst

Fav thing about the office

Cheesecake Wednesdays

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Gu Puds

Favourite Holiday

2 weeks in Florida

If I had a superpower it would be...

Definitely flying

Describe yourself in three words or less

Lots of Energy

An interesting fact about me

I was once the South Ribble Chess Champion.


Exercise, Muay Thai, Singin' in the rain

Favourite Band

Its not about the artist its about the style

Karaoke Jam

Vengabus- Vengaboys

What I do at Q2Q:

I head up the IT support team.

On a daily basis I work on resolving IT issues for our clients. My skill set tends to adapt according to the current needs of our customers, from solving basic matters like fixing a printer through to more complex server infrastructure deployment. I am also often out on site visiting customers that are in need of an IT saviour.

Within the team, I work on the proposals for new and existing customers, and ensure we all work together to implement the solutions we propose.

I enjoy overseeing new projects so that, when clients evolve, we can ensure their growth, office move and/or induction of a new team member, is as seamless as possible from an IT perspective.

I also drive the rest of the team insane with my singing!

Background and Achievements

I joined the Q2Q team when they were part of the I.T. department for the Tulchan Group 14+ years ago. This was my first full-time role straight of out A-levels. I have enjoyed being part of the company and watching it grow from 3 members of staff to a blossoming 10.

I find it hard to pin point specific achievements as one of my values personally is to always exceed your own expectations. My wife would say being a great Dad to my two boys.

A great achievement for me is getting 76 miles to the gallon on the motorway and being able to finally grow stubble.

Hobbies and Interests

I aim to train in Muay Thai twice a week and religiously go to the gym every day I can.

I can juggle and have always wanted to learn knife throwing.

 For SME owners, cyber-security is usually right at the top of your support shopping list. Never has this been more apparent than in recent months – where reports of data breaches and ransomware attacks have hit the UK headlines.

In August, the government issued a warning after people had received emails purporting to originate within the Ministry of Defence, attempting to make contact or seeking money. It’s exactly this kind of social engineering which cyber-criminals are employing, in order to hook their victims.

By playing to the public’s trust of those in senior positions, SME’s need to be savvy to a new breed of attacker – those which are relying on the ‘Colonel Effect’.

What is the ‘Colonel Effect’?

In short, this is a technique which exploits the chain-of-command within an organisation, by leading a lower-ranked employee to believe they are required to give their personal or financial information to a senior member of the team.

The hierarchical nature of almost every business makes them an ideal target for a phishing attack. And, by helpfully ‘adverting’ the operational structure online – whether on a company website or personal social media page – cyber-criminals have all the information they need to launch their attack.

How do phishing attacks work?

Usually, an email will be delivered to the employees as though it’s been sent from the CEO or a member or the HR team. The content asks the recipient to share details to a new supplier, or transfer money into an account.

By playing on human behaviour rather than weaknesses in technical infrastructure, cyber-criminals can coerce individuals to impart their personal details, by posing as a person in a position of power.

How can I stop a phishing attack in my business?

The success of a phishing attack using the ‘Colonel Effect’ principle is very reliant on a business having poor internal communication or a smarter organisation where the employees will be familiar with the MD, but might not necessarily have an open line of communication with them.

Indeed, more robust cyber-security software can help SMEs to combat the problem, it’s also vital to have internal measures in place which can assist in flagging, addressing and communicating potential threats.

  • Internal communications – empowering employees to question a suspicious email will provide an extra level of protection. Ensure your team know who the go-to person is if they feel concerned.
  • Check your links – it’s always worth typing the URL directly into your browser to be sure the name or link in the message doesn’t divert you to a nasty website.
  • Look at the email address – although, at first glance, an email might look genuine, you’ll usually spot some anomalies if you look closer. The formatting of the sender’s account is often a giveaway – it will mimic the style but not be the same. Your email may be joe.bloggs@emailaccount.com and the scammer may use something as similar as joebloggs@emailaccountmail.com.
  • Avoid public Wi-Fi - whether you’re between meetings on public transport, or taking a break in a café, never use unknown or public Wi-Fi without a password. Insecure connections provide cyber-criminals with a prime picking when it comes to attacks, as they can unwittingly redirect you to phishing pages while you surf the internet.
  • Bolster your basics – Make sure your IT provider is looking after all elements of your cyber-security. Keep all systems current with the latest security patches and updates, and install a spam filter to capture any unwanted mail.

If – after all that – you’re still unsure whether an email is genuine, play it safe and never enter your personal details. If you think you’ve input your name and password into a fake portal, immediately change your password.

For more advice on cyber-security, read our dedicated web page where you can also request a free cyber-security audit for your business.  


Why employees are more at risk of a phishing attack in 2019 than ever before