How to Protect Against Phishing
Phishing is a scam that uses email, phone calls and text messages to steal personal information or credentials. This information is often used to steal money or to gain access to an employee’s computer and, through it, company data. Attackers can also pose as a manager or CEO to trick employees into wiring funds.
The origin of the word phishing is unclear, but it may be related to a hacking subculture in the 1970s called “phreaks,” who used low-tech hacks to exploit the telephone system. One theory of the name is that phishing is a homophone of fishing and references using bait to lure unsuspecting victims.
In the early 2000s, phishing attackers began to target online payment services like PayPal, stealing username and password credentials that could be used to log into accounts. The attacks ranged in sophistication from the less-than-convincing Nigerian prince requests to the highly effective Mimail virus of 2003, which originated with an email claiming to be from PayPal and convinced many users to click a link that took them to a malicious website where they entered their credentials.
The best way to protect against phishing is to ensure that your organization and its contacts use DMARC, a policy that a domain owner publishes in DNS so recipients’ mail servers can check that a message claiming to come from that domain is authentic. Additionally, it’s important to avoid clicking links provided in text messages. Doing so can install malware, open malicious attachments or lead to fake websites that are difficult to identify.