Stop Phishing Attacks | Protect Your Inbox - Everything Tech

These days, phishing isn’t always loud and obvious; it’s often quiet, targeted, and designed to slip right through the cracks. And they’re no longer just about stealing passwords; they’re designed to compromise inboxes, hijack conversations, and redirect money through highly convincing social engineering.

These are the emails that lead to Business Email Compromise (BEC), and they’re getting smarter every month.

How Phishing Attacks Have Evolved in 2025

AI-crafted phishing emails are making detection much harder. They sound natural, reference real people, and can mimic your tone of voice.

Attackers lurk before acting. Once inbox access is gained, they monitor real threads before stepping in, often posing as senior staff or suppliers.

These emails rarely contain links. Instead, they rely on trust and urgency, making them harder for traditional filters to catch.

Real-World Phishing Example: Manchester Legal Firm Scam

A Manchester-based legal firm’s finance assistant received a reply to a real email thread with a supplier. The sender (actually a criminal using a lookalike domain) asked to “update payment details.” The language was polite, natural, and not rushed.

How the Phishing Email Looked

Referenced recent work completed

Used an exact signature, with the right contact photo

Contained no links — just a new invoice PDF and a request for payment

The £42,000 payment went through before anyone spotted the fraud.

How to Spot and Prevent Phishing Attacks

Slow down: Most phishing succeeds because someone felt rushed. If an email feels urgent, take a second look.
Verify outside of email: Use a known phone number or Teams chat to confirm any sensitive request.
Inspect the sender: Look closely at the domain name — e.g. @firm.co.uk vs @flrm.co.uk. One letter can mean the difference.
Flag and forward: Don’t delete suspicious emails — flag them and forward to IT or Everything Tech. That helps protect others.

How Everything Tech Protects Your Business from BEC Attacks

Rolling out AI-aware email threat detection tools to catch subtle phishing attempts.
Offering phishing simulation campaigns tailored to all industries
Helping businesses set up stronger inbox protections (DMARC, SPF, DKIM).
Advising on policy and process to reduce risk (like verifying payment changes).

If you’d like us to run a phishing simulation for your team, or review a suspicious message you’ve received, just let us know.

👉 Email [email protected] or reach out to your account manager.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	6 months	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
AWSALBCORS	7 days	Amazon Web Services set this cookie for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::b	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::f	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__oauth_redirect_detector	past	This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
_mailmunch_visitor_id	never	Mailmunch sets this cookie to create a unique visitor ID for the Mailmunch mailing list software.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
mailmunch_second_pageview	never	Mailmunch sets this cookie to manage subscription service to mailing lists.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_fbp	3 months	Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
fr	3 months	Facebook sets this cookie to show relevant advertisements by tracking user behaviour across the web, on sites with Facebook pixel or Facebook social plugin.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Inside UK Phishing: The Evolving Threat to your Inbox

How Phishing Attacks Have Evolved in 2025

Real-World Phishing Example: Manchester Legal Firm Scam

How the Phishing Email Looked

How to Spot and Prevent Phishing Attacks

How Everything Tech Protects Your Business from BEC Attacks

Latest resources

Social Engineering and Social Media: What to Look Out for and How to Stay Safe

What You Need to Know About the Microsoft 365 E5 Security Add-On

Team Takeover: Tom Neilan, Service Delivery Manager at Everything Tech

Find us

Policies

Contact us

Follow us

Our accreditations

Cookie	Duration	Description
__gpi	1 year 24 days	No description
__racnt	session	No description available.
__racplx0	session	No description available.
__racplx1	session	No description available.
__rafm	session	No description available.
__rasel0	session	No description available.
__rasel1	session	No description available.
__rasesh	2 years 9 months 23 days	No description available.
__ratel0	session	No description available.
__ratel1	session	No description available.
_cfuvid	session	Description is currently not available.
_hjSession_2674997	30 minutes	No description
_hjSessionUser_2674997	1 year	No description
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
li_sugr	3 months	No description available.
lpv271502	30 minutes	No description
visitor_id271502	10 years	No description
visitor_id271502-hash	10 years	No description

Share

How Phishing Attacks Have Evolved in 2025

Real-World Phishing Example: Manchester Legal Firm Scam

How the Phishing Email Looked

How to Spot and Prevent Phishing Attacks

How Everything Tech Protects Your Business from BEC Attacks

Latest resources

Social Engineering and Social Media: What to Look Out for and How to Stay Safe

What You Need to Know About the Microsoft 365 E5 Security Add-On

Team Takeover: Tom Neilan, Service Delivery Manager at Everything Tech

Find us

Policies

Contact us

Follow us

Our accreditations