BotNet News

Your source for Online Security News

Phishing

Phishing is a form of social engineering in which an attacker tries to trick users into downloading malware, divulging credentials or other information, or handing over funds. The attacker may pretend to be a tech support company, a financial institution or the IRS, among others. Attackers use phishing to steal passwords, personal information (PII), business information, banking logins and other valuable data from victims.

Attackers can spoof email addresses and phone numbers and use software to impersonate other people and organizations, which enables vishing calls, smishing text messages and other attacks. They can also send documents, via U.S. mail or direct message on social media, bearing fake names and official-looking seals such as those of the Office of Inspector General or the Social Security Administration. They often try to pressure victims into transferring money using gift cards, prepaid debit or credit cards, wire transfers or cryptocurrency. They may also request that the victim move their money into a “protected” bank account.

While misspelled company names and jumbled website URLs were common signs of a phishing ploy in the past, cybercriminals continue to refine their scams. Now, seemingly legitimate links can hijack a browser or mobile device and take the user to a fraudulent site by means of code buried in the message.

In addition, the rise of instant-messaging apps such as Facebook Messenger and WhatsApp has given attackers a whole new attack vector. As a result, users must remain alert to suspicious-looking messages sent through these channels, as well as in traditional email. They should always ask a trusted colleague if an unexpected message is legitimate before clicking on a link or providing information. Users should also use a password manager and enable two-factor authentication for all accounts, review privacy policies and opt out of mailing lists.