What is Phishing?

Phishing is a technique used by cyber criminals to obtain sensitive information from an organisation, such as usernames, passwords or financial information, or to gain access to the company's networks.

Because it is cheap, phishing is usually delivered through email campaigns: attackers put malicious attachments or links into emails and wait for users to engage with them, giving the attackers access to information or to the organisation. The simple reason attackers use phishing is that it works; around half of cyber attacks in the UK involve phishing (source: csoonline).

Being able to identify a phishing attempt is the main battle for organisations. If users can spot phishing emails and don't interact with them, the attacks don't work. It's a simple step but the most effective way of stopping phishing attacks.

Every organisation can play a part

The mitigations described here are mostly focused on limiting the impact of phishing attacks within your organisation, but they include some measures that will help protect the whole of the UK. For example, setting up DMARC (which builds on SPF and DKIM) lets receiving mail servers reject or quarantine email that spoofs your domain (that is, email made to look like it comes from your organisation). Note that a DMARC policy of "p=none" only reports on spoofing and blocks nothing, and DMARC does not cover lookalike domains, only your own. There are numerous benefits in setting it up with an enforcing policy:

  1. Your own company's genuine emails are more likely to reach the recipients' inboxes, rather than getting filtered out as spam.

  2. From a reputational aspect, no organisation wants their name becoming synonymous with scams and fraud.

  3. The wider community will also benefit if your contacts (such as suppliers, partners and customers) are encouraged to publish DMARC records for their own domains. This gives you much greater assurance that an email asking for information (or money) actually comes from where you think it does.


Read more about our phishing simulation service here.