Phishing email cyber-attacks have to be the most common cyber-attack directed at any organisation. Most are trying to get the victim to reveal their credentials, often for Microsoft 365. Every week I spend time with clients discussing or investigating phishing emails and helping them put systems in place to help defend against these types of attacks. Team training and excellent email AV and filtering are some of the best ways to defend yourself.
However I am often asked how a phishing email functions – here is a good example explained on SANS Internet Storm by Jan Kopriva:
Phishing page with trivial anti-analysis features – SANS Internet Storm Center
Now this may not be a terribly sophisticated attack, however what it does illustrate is the with a small amount of knowledge and some help from the Internet and Dark Web even the less technically able hacker can get into your systems.
Clive Catton MSc (Cyber Security) – by-line and other articles