BotNet News

Your source for Online Security News

Phishing is a criminal attack used to steal information like usernames, passwords and credit card numbers. By masquerading as a reputable source with an enticing request, attackers trick people into sending sensitive information to the wrong destination.

Attackers often use a sense of urgency to get victims to act without examining or verifying the message. Urgency can be caused by words such as “last chance”, “act now” and “financial emergency”. It can also be caused by a message that asks for urgent action without a proper approval process, for example transferring money urgently (without going through normal payments approval).

Another way attackers create a sense of urgency is by using familiarity. If a phishing message looks or sounds like it’s from your boss, manager or CEO, or an agency that you work with, then it could trick you into clicking a link or handing over personal details. Attackers can also use familiarity by mentioning specific things you’ve discussed with friends or family.

Finally, attackers will sometimes manipulate email addresses and web links by subtly changing characters. For example, an attacker might swap a lowercase l (‘l’) for an uppercase i (‘I’). The change is hard for software programs and people to spot, and can be enough to make a fraudulent address or URL pass for the genuine one.
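One way a mail filter could catch the character swaps described above is sketched below. It is an added example, not code from this site, and it goes slightly beyond the I/l case by also folding digits, a few Cyrillic letters and the "rn"/"vv" pairs. The trusted domains, the confusables table and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list of domains the organisation really uses (assumption).
TRUSTED_DOMAINS = {"example-payroll.test", "mail-portal.test"}

# Assumed, deliberately small confusables table. Keys are case-sensitive:
# the uppercase I / lowercase l swap is only visible before lowercasing.
SINGLE = {
    "I": "l", "1": "l", "0": "o",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
}
MULTI = {"rn": "m", "vv": "w"}


def skeleton(domain):
    """Fold look-alike characters so visually similar names compare equal."""
    folded = "".join(SINGLE.get(ch, ch.lower()) for ch in domain)
    for seq, repl in MULTI.items():
        folded = folded.replace(seq, repl)
    return folded


def find_imitated(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain.lower() in trusted:  # DNS ignores case, so this is the real one
        return None
    skel = skeleton(domain)
    for good in sorted(trusted):
        if skeleton(good) == skel:
            return good
    return None


def check_sender(from_header):
    """Parse a From: header; return (sender domain, imitated domain or None)."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    return domain, find_imitated(domain)


if __name__ == "__main__":
    samples = [  # constructed From: headers
        '"Accounts" <billing@exampIe-payroll.test>',
        "hr@example-payroll.test",
        "it-help@rnail-portal.test",
    ]
    for header in samples:
        domain, hit = check_sender(header)
        print(f"{domain}: {'imitates ' + hit if hit else 'no look-alike match'}")
```

A match means the sender's domain is not on the allow-list but reads the same as one that is, which is a strong signal to quarantine the message or flag it for review.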

To help prevent phishing, organisations can set up DMARC (Domain-based Message Authentication, Reporting and Conformance) and encourage their contacts to do the same. This helps to ensure that emails claiming to come from an organisation actually do, which makes it easier to trust that a request for information is legitimate.