What Is the Difference Between Phishing and Blagging?

29 May 2024

The cyber security world has a seemingly infinite number of odd nicknames for very specific cyber attack methods. This can be confusing to the layman or business owner, particularly when many of them seem to mean the exact same thing.

While most people have probably heard the term “phishing” before, many won’t have heard of “blagging”. In this blog, we’ll explore the difference between the two. So what is the difference between phishing and blagging?

Phishing is the act of tricking someone into providing sensitive information by pretending to be from a reputable organisation, such as a clothing store offering a discount. Blagging is a form of phishing, but it is targeted at a specific individual or group of individuals by using personalised information such as the name of their employer.

Read on to find out more about phishing and blagging, examples of both, what the differences are, and why blagging is such a threat.


What Is Blagging in Cyber Security?

In cyber security, blagging, also known as spear phishing, is defined as the act of obtaining sensitive information or unauthorised access to systems, networks, or physical locations through the deception or manipulation of individuals. It involves inventing a scenario to engage with the victim and extract information directly from them. This is a form of cyber attack that relies on exploiting human trust as a vulnerability rather than technical threats.

This means that the attacker impersonates an individual to create a fake social scenario in which the victim might hand over their data or information. This often takes the form of a family member, employer or employee, or an authority figure such as a teacher.

Other common methods include:

  • Eliciting Information: The attacker can pose as someone who is interested in things like job roles or personal interests to syphon information through seemingly innocuous questions without arousing suspicion.
  • Exploiting Relationships: This involves targeting trust relationships, such as an employee who has a close relationship with a manager.
  • Building Trust: Here the attacker might try to build a rapport with the victim through finding common ground and engaging in friendly conversations.
  • Pretexting: This involves creating a fake scenario in which it might be reasonable to request information, such as a market research survey.

What Is an Example of Blagging?

A commonly seen method of blagging (one that we get all the time) comes from attackers who try to impersonate the owner of the business you work at. When we see this, it often comes in the form of an email that pretends to be from the owner of our business.

The email will provide a sense of urgency and a request for some form of information, such as a phone number. Here’s an example of blagging straight from my current spam inbox:

From: Peter Munnelly

Subject: AVAILABLE?

“Hello  Jamie

I want you to handle a task for me now, Send me your whatsapp number and wait for my text.

Sent from my iPad.

Best Regards.”
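The traits of the email above (a trusted name in the sender field, urgency, and a request to move to WhatsApp) can be checked automatically at the mail gateway. The following is an added example, not code from the original post; the domains, the sender address, and the keyword lists are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the original post): the organisation's mail domains
# and the names an attacker is likely to impersonate.
ORG_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"peter munnelly"}
URGENCY = re.compile(r"\b(now|urgent(ly)?|asap|immediately|available)\b", re.I)
CHANNEL_SWITCH = re.compile(r"\b(whatsapp|(phone|mobile) number)\b", re.I)


def indicators(raw: str) -> list[str]:
    """Return the impersonation indicators found in one plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"

    hits = []
    # A protected name on mail that did not come from the organisation's domains.
    if " ".join(display.lower().split()) in PROTECTED_NAMES and domain not in ORG_DOMAINS:
        hits.append("display-name-impersonation")
    if URGENCY.search(text):
        hits.append("urgency")
    # A request to move the conversation to a channel the mail filter cannot see.
    if CHANNEL_SWITCH.search(text):
        hits.append("channel-switch-request")
    return hits


# Constructed sample modelled on the email quoted above; the address is a placeholder.
SAMPLE = """\
From: Peter Munnelly <sender@example.net>
To: jamie@example.com
Subject: AVAILABLE?

Hello Jamie

I want you to handle a task for me now, Send me your whatsapp number and wait for my text.
"""

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

A message that trips the display-name check together with either of the other two is a good candidate for a warning banner or quarantine, since genuine mail from the owner would arrive from the organisation's own domain.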

What Is Phishing in Cyber Security?

Phishing is a cybercrime technique that involves using fraudulent emails, websites, or messages to trick victims into inadvertently providing personal or sensitive information such as passwords, contact information, or banking details.

This is done by creating a fraudulent message that holds some form of bait, hence the name ‘phishing’. This is usually a time-sensitive issue that requires immediate attention, such as a limited-time discount or emergency request. In this way, phishing attempts will play on the victim’s emotions, whether that’s the fear of repercussions if the time limit is not met or the excitement of receiving a reward.

The emails will then apply a call to action, telling the victim to click a link, respond with sensitive information, or grant access to their systems.

Forms of phishing attacks include:

  • Email Phishing: The attacker may pretend to be from a trusted organisation, such as a large retailer offering a discount.
  • Spear Phishing: Targeted phishing attacks that leverage personalised information to gain more credibility. Also known as blagging.
  • Smishing: A phishing technique performed over text message, often asking the victim to click a link.
  • Vishing: Phishing performed over voice calls, impersonating legitimate organisations such as HMRC.

What Is an Example of Phishing?

Phishing is the most widely used form of cyber attack, accounting for 84% of cyber attacks on businesses. There are a wide variety of methods that cybercriminals use to attempt a phishing attack. One common example is where the attacker will fake an email from a bank, requesting you to log in to your account.

The email will then link to a fake login page that mimics the bank’s actual login page. Once the victim enters their login details, the attacker will have the credentials for the victim’s online bank account, and might even go further. The page could then show an alert asking the victim to call a number to pay fees, which will allow the attacker to extract even more information.

What Is the Difference Between Phishing and Blagging?

While blagging and phishing are similar in many ways, a few key differences separate the two.

Blagging is actually a form of phishing, also known as “spear phishing”. The defining difference here is that blagging is more targeted than a standard phishing attempt and usually targets a specific individual or organisation, whereas normal phishing can be sent to hundreds of people. 

Spear phishing will utilise personalised data that the attacker has gained through research, such as looking at who the owner of a business is. This then allows the attacker to contact the business’s employees while pretending to be the owner.

Why Is Blagging a Threat?

Blagging exploits natural human vulnerabilities and emotions to gain access to information, which makes it extremely difficult to stop. For businesses with multiple employees, it can be especially difficult to know if a member of staff might inadvertently slip up.

This makes blagging a real threat to both individuals and organisations. Because of the range of methods available, attackers can also cause a wide range of damage that covers almost all aspects of business and personal life. Here are a few of the damages that might be caused:

  • Access Information: Attackers may target passwords, login details, access codes, or answers to password recovery questions. This will leave your accounts exposed to further information theft or financial loss.
  • Physical Access: Blagging can also be used to try to gain physical access to properties and restricted areas. This can be used to steal physical items or gain access to systems.
  • Reputational Damage: The potential loss of client data or assets can cause a huge amount of reputational damage to an organisation. This will lose customer confidence, impact your business partnerships, and damage your brand.
  • Financial Loss: Possibly the most commonly targeted area, the aim of many blaggers will be to steal or extort money.
  • Regulations: Failing to adequately protect your data and deal with a blagging attack could expose your business to fines or legal action.
  • Operations: A blagging attack can significantly disrupt your day-to-day business operations by restricting access to systems and taking manpower away from your usual tasks. This can cost thousands in loss of productivity and disruption costs.

How Can Obsidian Networks Help?

At Obsidian Networks, we provide comprehensive cyber security solutions to protect businesses from all forms of cyber attack. This includes everything you need from 24/7 cyber security monitoring to both internal and external penetration testing. We’re also Cyber Essentials Assessors, able to test your systems, advise you on what areas you need to improve upon, and provide you with the coveted Cyber Essentials Certification.

Get in touch with a member of our 24/7 customer support team today to protect your business and grow without risk.