BotNet News

Your source for Online Security News

Phishing involves the use of email, phone calls or social media platforms to lure people into giving up personal information such as passwords, account numbers, credit card details or login information. Attackers can use this data to access an organisation’s internal systems and steal information, or sell it on.

Attackers may target organisations directly, posing as executives or other trusted employees to get inside a company network. This is known as spear phishing, and it can take the form of a false customer query, a fake invoice from a supplier or partner, or a request to look at a document. Once an attacker has gained access to a corporate network, they can start spreading more malicious content such as ransomware or exploiting vulnerabilities in web applications.

The attackers might try to trick their victims by using scare tactics or by inducing greed. For example, emails claiming that the victim has won an iPhone or some other lucrative prize are often designed to catch attention by appearing too good to be true. Or they might play on fear, telling victims there’s a warrant out for their arrest or that their bank is going to shut down their account.

The NCSC is encouraging all organisations to sign up to DMARC and encourage their contacts to do the same, as this will make it much harder for attackers to impersonate them. This will help to protect their staff, their customers and the wider economy from falling victim to phishing attacks.