BotNet News

Your source for Online Security News

Phishing is a cyber attack that tricks people into divulging sensitive information or downloading malware onto their devices. Attackers impersonate well-known businesses and use a false sense of urgency or fear to get people to act without thinking.

Generally, attackers use email to trick victims into sharing information. But they can also use phone calls, text messages and even instant messaging to target people. Attackers can also target specific individuals by using information about them that is publicly available online, such as their bank account, birth date or pet names, and by reviewing the privacy settings on their social media accounts.

Employees can help protect the organisation by recognising and promptly reporting phishing attempts. They should always pause and assess a suspicious request to ensure that it aligns with internal policies and procedures. They should be especially careful with emails or text messages that ask for personal information or demand urgent action. And they should be wary of shortened or condensed URLs, as these can hide the malicious web address.

Training employees to recognise phishing attempts is one of the most effective defences against phishing attacks. But to be most effective, this training needs to be continuous and widespread. And the technology tools needed to protect against phishing must be integrated and deployed broadly across the organisation. This guidance is aimed at technology, operations or security staff who are responsible for designing and implementing defences against phishing in medium and large organisations. It also supports those who deliver phishing awareness and training to staff.