BotNet News

Your source for Online Security News

Phishing is a form of cybercrime in which an attacker masquerades as a legitimate source to entice people into handing over sensitive information. Attackers use it to obtain information such as login credentials and credit card details, which can then be used to access personal or business data. This data can be sold on the black market or used to cause financial or reputational damage to the victim.

A typical phishing attack starts with the attacker sending an email or presenting a web page that looks like a genuine one from a trusted source. For example, the victim might be told that their account will be deactivated unless they provide their login details. Alternatively, the attacker might tell the victim that an unusual transaction has been made and request their bank details in order to investigate.

Attackers can also send messages using social media platforms such as Facebook Messenger, LinkedIn InMail and Twitter DMs. This type of phishing is called vishing and uses caller ID spoofing to make the message appear to come from a friend or organisation that the victim knows. These messages can scare victims with warnings about credit card processing problems, overdue payments or legal issues, and the victims may then provide sensitive information or money to resolve the issue.

The NCSC is encouraging organisations to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent their names being used on fraudulent messages. This will reduce the risk of their contacts being tricked into handing over their information or money by making it harder to spoof a genuine email address.