What is Phishing and How Can it Be Prevented?
Phishing is a form of cyber attack that exploits trust and the fear of losing something important to trick someone into clicking a link, downloading an attachment or handing over information. This often results in a malware or ransomware infection, or in sensitive data being stolen and used to commit fraud.
Hackers use phishing emails to impersonate people or organizations, and they also create fake Internet pages that look similar to those of legitimate sites. They may even use URL shortening services to mask malicious links, which makes those links harder for victims to spot. Messages are designed to overcome the recipient’s better judgement, often instilling a sense of urgency or threatening dire consequences if they don’t take action.
For example, an attacker might send a message claiming that a bank account will be deactivated unless the recipient provides login credentials. The victim will be tempted to act in the face of this threat by handing over passwords, which are then used to gain access to their real accounts.
Cyber criminals also target companies and their employees by posing as management, colleagues or suppliers. This type of phishing is called Business Email Compromise (BEC).
To combat BEC, the NCSC has encouraged organisations to set up DMARC, which will help them identify and verify that the email they receive asking for confidential information or money actually comes from where it says it does. They can then ask their partners, vendors and suppliers to do the same so that it becomes much harder for phishers to spoof authentic domains.
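As an added example, not from the page or the NCSC, the following Python shows what a receiving mail server does with a published DMARC record: it parses the record, checks that the visible From: domain aligns with the domain that SPF or DKIM actually authenticated, and applies the sender's policy. The records and domains are constructed sample values; the organisational-domain logic is deliberately simplified.

```python
"""Minimal receiver-side DMARC evaluation (added example, not the page's code).

DMARC (RFC 7489) is published as a TXT record at _dmarc.<domain>. A receiver
checks that the RFC5322.From domain "aligns" with the domain authenticated by
SPF (the MAIL FROM domain) or DKIM (the d= tag of a passing signature), then
applies the sender's published policy: p=none, p=quarantine or p=reject.
"""
from typing import Optional

# Constructed sample records, as they would be fetched from DNS for _dmarc.example.com.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
STRONG_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict; adkim/aspf default to relaxed ('r')."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags

def organizational_domain(domain: str) -> str:
    # Simplification: keep the last two labels. Real receivers consult the Public
    # Suffix List so that names like example.co.uk are handled correctly.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)

def dmarc_disposition(record: str, from_domain: str,
                      spf_domain: Optional[str], dkim_domain: Optional[str]) -> str:
    """Return 'pass' if SPF or DKIM is aligned; otherwise the sender's policy.

    spf_domain / dkim_domain are the authenticated domains, or None if that check failed.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_domain is not None and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_domain is not None and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")
```

With p=none a spoofed message is only reported, not blocked, which is why organisations are encouraged to move to quarantine or reject once their legitimate mail sources all pass alignment.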