BotNet News

Your source for Online Security News

Phishing is an attack that attempts to trick a victim into divulging personal information via a deceptive computer-based means. The attackers often impersonate a well-known brand or organization and try to entice the victims by playing on their fears or desires. Some examples include claims of a prize win or a warning that your account has been hacked and you need to login to take action. Others entice the victims to click on malicious links or attachments that are designed to download malware, ransomware or other attacks to their device or network.

Attackers are no longer limited to only email as a medium for carrying out phishing attacks. The proliferation of social media, mobile devices and web applications have allowed attackers a variety of new targets.

For example, attackers can now target users of popular apps and software-as-a-service (SaaS) applications by spoofing emails sent from those vendors. Attackers can also harvest a user’s public profile, photos and other personal details to pose as a friend or colleague.

For this reason, it is more important than ever that organisations lead by example and set up DMARC. This will give a good indication of which emails actually come from your organisation, rather than another. It will also make it much more difficult for attackers to gain your trust by pretending to be you! This is why the NCSC is encouraging organisations to set up DMARC and ask their contacts to do the same.