BotNet News

Your source for Online Security News

Phishing

Phishing is the technique attackers use to trick people into handing over their personal information, usually via email or text message. This can include passwords, account details or even their Social Security number. Attackers can then use this information to breach systems, steal money or simply make you feel vulnerable. It’s no wonder that phishing is seen as one of the biggest cybersecurity threats out there.

Messages can be incredibly sophisticated, with attackers using everything from photos lifted from the internet to stock images or even a victim’s own social media profile in an attempt to create a convincing fake. Others can be very basic, using a sense of urgency to encourage victims to act – such as an urgent message from their bank or a claim that they’ve won the lottery. Often these messages will also contain links that either deliver malware or direct the victim to a phishing site.

For attackers, the main objective of a phishing campaign is to gather as much data on the target as possible so that they can exploit it later. This could be to steal money, to gain access to a system or, in the case of the recent attack against Hillary Clinton campaign chair John Podesta, to obtain his passwords and gain control over his Gmail and other accounts.

As a defence mechanism, organisations are encouraged to adopt DMARC (Domain-based Message Authentication, Reporting and Conformance), which helps to reduce the impact of phishing on their reputation by ensuring that emails sent out by the organisation actually come from where they say they do. However, a multi-layered approach to defence is needed to be effective – technology, process and people all need to work together.