Phishing – How to Protect Your Business From Phishing Attacks
Phishing is a technique criminals use to steal your personal information, login credentials or credit card numbers. Attackers often impersonate a company or person you trust in an email, text message, advertisement or other communication to trick you into handing over your sensitive data.
A classic phishing attack, for example, impersonates a bank and asks you to click on a link that appears to take you to the bank’s website to fill in your details. But when you do so, your details go straight to the attackers’ servers.
Other types of phishing include whaling (targeting executives in order to get them to transfer money), vishing, smishing and qishing (using voice, SMS messages or QR codes). These tactics are often aimed at companies that have a high-value target (such as the CEO). Attackers will research their targets in advance to create more convincing messages and increase the likelihood of the attack succeeding.
The NCSC has published helpful phishing guidance that outlines tailored cybersecurity controls for organisations. The guidance focuses on people, process and technology – all of which must be implemented and supported by the organisation for defences to be effective.
The NCSC is encouraging all organisations to lead by setting up DMARC and asking their contacts to do the same. This will give you much greater confidence that the emails you receive are legitimate. It will also help reduce the number of phishing attacks that are able to make it past your organisation’s defences.