What is Phishing?
Phishing is when an attacker attempts to deceive users into taking 'undesirable actions', such as clicking on a malicious link that can install harmful software or lead them to an untrustworthy website.
A recent phishing campaign that we have seen in Northern Ireland involved staff receiving emails from compromised contacts indicating that a file has been shared. There were four stages that email users should be made aware of.
An employee receives a phishing email that has been sent by criminals using a compromised known contact detailing a file share that can be accessed via a ‘Secure Portal’.
The recipient is directed to a Microsoft Sway webpage displaying the sender's company logo and a link to access the ‘Secure Portal’ in order to view the shared document.
On attempting to access the ‘Portal’, the victim is taken to a Sign In page that will present a ‘captcha’ request.
On completing the ‘captcha’, employees will be presented with a hoax Microsoft ‘Sign in’ page, designed to capture username and password credentials.
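The four stages above can be turned into a simple mail-triage check. The following is an added example, not part of the original advisory: it flags messages that combine file-share or ‘Secure Portal’ wording with a Sway link, and tests whether a sign-in URL is really on a Microsoft sign-in host. The hostnames, function names and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed hostnames (not given in the advisory): Microsoft Sway and
# genuine Microsoft sign-in hosts. Extend to match your own tenant.
SWAY_HOSTS = {"sway.office.com", "sway.cloud.microsoft"}
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Lure wording taken from the stages described above.
LURE = re.compile(r"secure portal|shared (a )?(file|document)|file (has been )?shared", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def triage_email(body):
    """Return the reasons a message matches the file-share/Sway pattern."""
    reasons = []
    hosts = {host_of(u) for u in URL.findall(body)}
    if LURE.search(body):
        reasons.append("file-share or 'Secure Portal' wording")
    if hosts & SWAY_HOSTS:
        reasons.append("link to a Microsoft Sway page")
    return reasons

def is_genuine_ms_signin(url):
    """True only for HTTPS URLs whose exact host is a known sign-in host."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact match: lookalike suffixes and user@host tricks do not pass.
    return parts.scheme == "https" and host in MS_LOGIN_HOSTS

# Constructed sample message (not a real email).
SAMPLE = """Hi, I have shared a file with you.
Open it through the Secure Portal: https://sway.office.com/EXAMPLEID?ref=Link
"""

if __name__ == "__main__":
    print(triage_email(SAMPLE))
    print(is_genuine_ms_signin("https://login.microsoftonline.com.example.net/common"))
```

Because the email comes from a known contact, sender reputation alone will not catch it; a match here is a prompt to confirm the file share with the sender by another channel.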
Organisations can obtain advice on safeguarding against phishing attacks on the National Cyber Security Centre's website.
Any organisation impacted by a compromised email account can report it to Action Fraud or call 0300 123 2040.