BotNet News

Your source for Online Security News

Phishing

Despite the best efforts of email filtering software, phishing remains an ongoing and serious threat. This is because, unlike viruses and malware, phishing relies on social engineering rather than on any technical vulnerability in the operating system of your computer or mobile device.

Phishing attacks are often based on fear or a sense of urgency. For example, attackers may claim that an account will be deactivated or a large sum of money will be lost if the victim does not click on a link or provide sensitive information. Messages that appear to come from someone the recipient trusts can also be successful. Attackers can use spoofing to impersonate an organisation, using that organisation's own domain name and corporate logo, or employ techniques such as subdomains or misspelled URLs (the latter also known as typosquatting).
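The subdomain and misspelled-URL tricks described above can be checked for mechanically. The following Python check is an added example, not part of the original article: it classifies a sender or link hostname against a list of trusted domains. The domains in `TRUSTED`, the category names and the distance thresholds are assumptions chosen for illustration.

```python
# Added example: classify a sender or link hostname against trusted domains.
TRUSTED = ("example-bank.co.uk", "example.com")  # constructed placeholder domains


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition, e.g. "ma" vs "am"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host: str, trusted=TRUSTED) -> str:
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # 1. Exact match or a real subdomain (the leading dot stops "notexample.com").
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return "trusted"
    for dom in trusted:
        # 2. Trusted name used as a label under somebody else's domain.
        if dom.split(".")[0] in labels:
            return "embedded-brand:" + dom
        # 3. Misspelling: compare the host's trailing labels with the trusted domain.
        tail = ".".join(labels[-(dom.count(".") + 1):])
        limit = 1 if len(dom) < 10 else 2  # assumed thresholds; short names get less slack
        if 0 < edit_distance(tail, dom) <= limit:
            return "typosquat:" + dom
    return "unknown"


if __name__ == "__main__":
    # Constructed sample hostnames.
    for h in ("www.example.com", "example-bank.co.uk.account-verify.net",
              "examp1e-bank.co.uk", "login.exarnple.com", "unrelated.org"):
        print(f"{h:40} {classify(h)}")
```

A production check would take registrable domains from the Public Suffix List rather than counting labels, and would also normalise internationalised (punycode) names before comparing.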

The phishing landscape is evolving, and it is important that you and your colleagues are aware of the different types of attack. The NCSC has produced a useful infographic on the most common phishing attacks.

A simple rule to remember is that if it sounds too good to be true, it probably is! To reduce the risk of your staff falling victim to phishing attacks, it is worth considering which mitigations are most effective and ensuring you have a layered approach. For example, consider implementing DMARC and encouraging your colleagues to do so, as well as educating them on what to look out for in an email from a trusted source.