What is Phishing?
Phishing is when an attacker attempts to deceive users into engaging in 'undesirable actions,' such as clicking on a malicious link that can install harmful software or leading them to an untrustworthy website.
Phishing is when an attacker attempts to deceive users into engaging in 'undesirable actions,' such as clicking on a malicious link that can install harmful software or leading them to an untrustworthy website.
A recent phishing campaign that we have seen in Northern Ireland involved staff receiving emails from compromised contacts indicating a file has been shared. There were three stages email users should be made aware of.
Users receive an email from a known contact indicating a file has been shared.
Users are directed to a webpage displaying a PDF icon and link to open.
Clicking ‘Open’ directs users to a spoofed ‘Sign In’ page which will compromise credentials.
Organisations can obtain advice on safeguarding against phishing attacks on the National Cyber Security Centre's website.
Any organisation impacted by a compromised email account can report to Action Fraud or 0300 123 2040