BotNet News

Your source for Online Security News

Phishing is an attack in which attackers use email or text messages to trick people into handing over information such as passwords, account details and even Social Security numbers. This can give attackers access to a person’s emails, online banking accounts or even their workplace computers and networks, where they may install malware or steal information for financial reward.

Phishers can be incredibly creative in their attempts to steal your data and personal details. For example, attackers often present themselves as financial institutions looking to verify account information or as online shops attempting to verify non-existent purchases. In more advanced attacks they can also pose as the victim’s manager or even family members, using AI voice generator tools to sound convincing on phone calls that request money transfers from the victim to the attacker.

This guidance provides a multi-layered set of mitigations for organisations to improve their resilience against phishing attacks. It is aimed at technology, operations and security staff responsible for defining defences for medium to large businesses. Smaller organisations may find some of the guidance useful too, but should refer to NCSC’s smaller business guide for more detailed advice.

The term phishing was originally coined from the combination of the words fishing and hacking: just as an angler uses a lure to catch unsuspecting fish, hackers try to lure their targets into downloading malware or handing over personal details. The best defence against phishing is to observe general best practices such as being wary of unexpected or out-of-character messages, never opening attachments and always checking the identity of anyone who requests confidential information from you via email or text.