BotNet News

Your source for Online Security News

Phishing is a form of social engineering designed to gain sensitive information from the victim for malicious purposes. Attackers collect information manually and/or via automated means during different stages of the attack (Ollmann, 2004).

Generally, attackers use email and the Internet to deliver their threat. Email phishing usually lures victims into clicking on a link, or into directly entering their information into a fake web page that looks almost identical to the target site (such as your bank). After submitting their credentials, users are often directed to the real institution to verify their identity, which is another opportunity for the criminals to steal their login details.

It’s important to be aware of the dangers of phishing by identifying red flags such as misspelled company names, jumbled website URLs and unsecure pages that use SSL certificates. However, as cybercrime continues to evolve and the ability of attackers to impersonate legitimate organisations improves, it’s even more important that users remain skeptical of unsolicited messages, especially those that appear to come from a familiar source.

NCSC is continuing to work with industry and other organisations to encourage the use of DMARC, which can be used to give greater assurance that emails sent from an organisation actually originate from the correct place. It’s in every organisation’s interest to lead by example and set up DMARC, as well as to encourage their contacts to do the same, so that everyone has a better chance of protecting themselves against phishing attacks.