BotNet News

Your source for Online Security News


Phishing is the malicious act of tricking someone into handing over information such as passwords, account details and credit card numbers. Typically, attackers impersonate a known entity such as Microsoft, Amazon, your bank or a reputable company like a tax authority or insurance firm to persuade you to hand over your personal details. Attackers also use caller ID spoofing to make their calls appear legitimate.

Attackers often try to create a sense of urgency in their messages. This is done to force you into taking a quick action without scrutinising the message, which might reveal any inconsistencies. Using casual language and writing style that are out of character for the individual sending the email is another warning sign that it could be a phishing message.

A common method is to request you to click on a link that will redirect you to a website requesting you to enter personal information or download malware to your computer. To stop this from happening, it’s important to only open trusted links and to never send any sensitive information through email.

To help mitigate these threats, organisations are encouraged to implement DMARC (Domain-based Message Authentication, Reporting and Conformance) in their email domains. This will enable their contacts to see whether the message they’re receiving really does originate from them and provides more confidence that emails asking for information actually do come from where they say they do. It’s in everyone’s interest that DMARC is adopted by as many organisations as possible so that attacks are more difficult to perpetrate.