BotNet News

Your source for Online Security News

Phishing

Phishing is a malicious attempt to steal sensitive information such as usernames, passwords, credit card numbers and other data that can be used for fraud, identity theft and other illicit activities. By masquerading as a reputable source with an enticing request, attackers bait their targets into taking action and then harvest the information to use or sell.

Phishing can be delivered via email, phone calls, text messages or even Wi-Fi spoofing (where the attacker uses software to create a fake free Wi-Fi hotspot and then uses it to gain access to the users who connect). Typically, a phishing email appears to come from a trusted source such as a bank, online shopping site or social media network and asks victims to supply their login details or account information. This data is then used to breach the victim’s accounts and commit fraud, typically by stealing money, buying goods and services or taking out fraudulent loans.

Some phishing scams may also contain links or attachments that download viruses and other malware onto the user’s device and enable attackers to monitor their activity. This is particularly common with bogus ‘emergency’ email notifications claiming that the user’s financial account has been compromised, that their school is closing or that some other significant event has occurred.

The NCSC encourages organisations to set up DMARC, which helps to identify whether an email asking for personal or payment information really comes from the organisation it claims to be from and makes it much harder for phishers to succeed. We also recommend that people think about what personal information they share on their public profiles and review their privacy settings, as this can help reduce the risk of being phished.
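To show how DMARC decides whether a message really comes from the organisation in its From: address, here is an added example (not from the NCSC or from this site) of the check a receiving mail server performs. It assumes SPF and DKIM have already been verified and that the organisational domain is known; the `pct=` tag is ignored, and all domains and the record are constructed sample values.

```python
# Added illustration of DMARC evaluation (RFC 7489), simplified: pct= is ignored.
# The record and all domains used with it are constructed sample values.
SAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.org"


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict and validate v= and p=."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags


def _norm(domain):
    return domain.lower().rstrip(".")


def _under(domain, org_domain):
    return domain == org_domain or domain.endswith("." + org_domain)


def aligned(auth_domain, from_domain, org_domain, mode):
    """True if an authenticated domain aligns with the From: domain.

    Mode "s" (strict) needs an exact match; "r" (relaxed) needs both
    domains to sit under the same organisational domain.
    """
    if auth_domain is None:
        return False
    auth, frm, org = _norm(auth_domain), _norm(from_domain), _norm(org_domain)
    if mode == "s":
        return auth == frm
    return _under(auth, org) and _under(frm, org)


def evaluate(from_domain, org_domain, record, spf_domain=None, dkim_domain=None):
    """Return "pass", or the policy the receiver is asked to apply."""
    tags = parse_dmarc(record)
    if aligned(spf_domain, from_domain, org_domain, tags.get("aspf", "r").lower()) or \
       aligned(dkim_domain, from_domain, org_domain, tags.get("adkim", "r").lower()):
        return "pass"
    is_subdomain = _norm(from_domain) != _norm(org_domain)
    return tags.get("sp" if is_subdomain else "p", tags["p"]).lower()
```

A message that passes SPF only for an unrelated sending domain is not aligned with the From: address, so the published policy applies to it; with `p=none` that policy is monitoring only and the message is still delivered.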