BotNet News

Your source for Online Security News

Phishing is a cyberattack that uses disguised email as its weapon of choice. Messages appear to come from trusted sources like banks, online shops or colleagues and lure victims into handing over sensitive information. Often this includes username and password credentials, which attackers then use to breach a corporate network or individual accounts. When attackers use social engineering tactics to target individuals within an organization, the attack is known as spear phishing.

Attacks can be as low-key as a fake prince asking for financial backing or as high-profile as the hack of Apple’s iCloud servers that allowed intimate photos to become public. The most successful phishing attacks involve a mix of social engineering and technical exploits. In addition to emails, phishers can also use digital ad platforms such as Facebook or Instagram to publish messages that look normal but contain malicious code.

Our research finds that phishing attacks are becoming more sophisticated. While most participants could spot an older phishing example (category 1), they struggled with newer examples. These included a phishing message that appeared to be from Canada’s Public Health Agency requesting a file. Despite the spelling and grammar errors, many believed it was legitimate.

The best defence against phishing is to ensure that all users have access to the tools they need to protect themselves. That means ensuring that the organisation has a robust security platform that includes anti-phishing and data loss prevention solutions. This will give employees multiple opportunities to detect a phishing attack, and to take corrective action before it can cause any harm.