
Phishing & blagging: what’s the difference?

Nov 14, 2022

Phishing? Blagging? What do these words mean? The cyber landscape is awash these days with new and complicated terminology, each new method of attack developed by cybercriminals earning itself a new name for us to learn and try to avoid. But what are they, and what’s the difference between them?


To understand the difference between phishing and blagging, we first need to establish what each of them is.

Phishing

Phishing attacks are a form of social engineering attack, where a cybercriminal will send a fraudulent message – usually via email – designed to trick the recipient into revealing sensitive information about themselves. This can vary from bank details to passwords and login credentials, with various tactics used to try and get you to hand over this data.

These phishing attacks will usually be generic, impersonating a trusted brand or retailer that you will be familiar with and offering something that adds value to you. A tried and tested example of this is a discount code from a retailer, offering you a percentage off for a limited time only. The aim is to get you to click on a malicious link, which may allow malware to be downloaded onto your computer, prompt you to enter your login details, or even – in some cases – take you through a spoofed shopping process so you ultimately enter card details at the end of the checkout.

Blagging

A blagging attack is a version of a phishing attack, again with its background in social engineering. Blagging is the act of inventing a specific scenario to try and engage with the victim. The scenario will be set up so that it increases the chance that the victim will share their sensitive information or data.

An example of a blagging attack that has become increasingly popular over the last couple of years involves cybercriminals posing as someone close to you – often a child or grandchild.

They create a scenario pretending that they are your child, and message you saying they have an overdue bill to pay, or they’ve been in an accident and need to quickly transfer a specific amount of money. This will often be followed up by emotive language and promises to call afterwards, as they are “unable to” right at that moment.

These blagging attacks have claimed thousands of pounds from unsuspecting victims, tricked by their desire to help their loved one.

What’s the difference?

Phishing attacks tend to be more generic, whereas blagging attacks will be personalised and use specific examples to tell a story. Furthermore, blagging attacks will be targeted to an individual while phishing attacks can be sent out en masse. Because of this, a lot more thought goes into a blagging attack – which can also be referred to as a spear phishing attack – with research to choose the right target and the right attack scenario too.

What to watch out for

Whether it’s phishing or blagging, you need to be careful when receiving emails, texts, voicemails, or other communications from anyone. Phishing is easier to identify, with tell-tale red flags like misspellings, incorrect brand names and malicious links.

Identifying a blagging attack is harder. However, consider how you have communicated with people in the past and watch out for anything suspicious. If your daughter usually refers to you by a pet name and this time she doesn’t, that could be a red flag. Similarly, watch out for differences in grammar and spelling.

The most important lesson is that if you receive anything that seems strange or out of character, stop and think before you act.

How Boxphish can help

Boxphish has bespoke courses designed to help you identify these types of emails, covering the different techniques that cybercriminals use and how you can avoid them.

We also offer real-world phishing simulations, which are delivered directly to your inbox and are designed to train your users on what to watch out for. We have a full library of simulations, covering emails you will see both at home and at work to ensure you are fully equipped to identify a phishing email when it lands in your inbox.

To find out how we can help you and your organisation, book a demo with us today and an experienced member of our team will be in touch.
