BotNet News

Your source for Online Security News

Phishing

Phishing is a popular method of attack for hackers seeking to steal usernames, passwords, financial data and other valuable information from unsuspecting users. It is a key part of many massive cyber attacks and is the root cause of numerous devastating breaches across the world.

In a basic phishing scam, attackers send messages that appear to be from a legitimate source, such as Amazon customer support, PayPal, a bank or another recognized organization. These messages are often crafted to resemble actual email communications from those sources and may contain unnerving phrases designed to trick recipients into acting without thinking, such as “Your account has been compromised” or “Your security is at risk.”

A more targeted version of phishing known as spear phishing is used when attackers have specific information about their target. This could include information gleaned from social media, or it could be based on details provided by the victim such as their job title, previous employment or personal interests. In addition, attackers can use artificial intelligence voice generation tools to make a message sound more personal and familiar.

Common warning signs that a message might be phishing include misspelled words, unusual syntax or uncharacteristic urgency. Other signals might include using a generic salutation rather than a personalized one, referring to the recipient by a name that is not theirs or a link to a phony website asking for sensitive information. DMARC (Domain-based Authentication, Reporting and Conformance) is a new technology that can help to reduce the success of phishing attacks by making it harder for attackers to masquerade as a trusted source. The NCSC is encouraging organisations to take the lead and implement DMARC, and to encourage their contacts to do the same.