BotNet News

Your source for Online Security News

Phishing is an attack in which hackers try to steal personal information and/or install malware on the victim’s device. Typical attacks involve a malicious link or attachment in an email. Attackers use public resources, such as social media, to gain insight into the target and create a credible fake message. Once the attacker has the information they need, they deploy an attack.

Often, attackers rely on the sense of urgency created in victims to trick them into sending personal information or clicking on links that camouflage malicious code. For example, attackers may claim that a certain account will be suspended unless the victim clicks on a link and provides a password.

Other common signs of phishing include misspellings and grammatical errors, which most people will catch if they reread their emails with the aid of spell-checking tools. An email that requires non-standard actions, such as installing software, is also a red flag.

In addition, phishers will sometimes modify the text in their links to hide the malicious destination address. This is known as hyperlink manipulation and is another way that phishers can escape detection by phishing filters.

If an email looks suspicious, it is best to contact the organisation directly by phone or in person rather than clicking on the link provided. This will help to protect the organisation’s reputation and keep employees safe. As an additional level of protection, the NCSC encourages organisations to set up DMARC and ask their contacts to do so too. This will give them much more confidence that an email requesting information actually comes from where it claims to come from.