BotNet News

Your source for Online Security News

Phishing uses social engineering tactics to trick recipients into downloading malware or handing over their credentials and information. More sophisticated attacks, called spear phishing, use more personalized messages designed to appear as though they come from a person or institution that the victim trusts. These attackers can also collect identifiable information about a target from their own or compromised accounts on social media to make their message more convincing.

Often, the message is unexpected or creates a sense of urgency that drives the user to act immediately (e.g., a warning that one of their accounts will be terminated if they don’t update information right away). Watching for cues like poor grammar and misspellings, which give away a message that is faking authenticity, can help reduce the chances of falling prey to a phishing attack.

A successful phishing attack can result in the theft of confidential and/or personal data, credential compromise, ransomware infections and more. The goal of the attacker is to gain access to an organization’s assets, including employee information and financial data, so that the information can be sold on the black market or used for fraudulent activity.

The most common method of identifying a phishing attack is to hover the cursor over any links in the email to see whether the address displayed matches the link description. The phisher may have spoofed the hyperlink or website address to mask the real destination of the malicious site. Other indicators of a phishing attack are misspellings and inconsistent formatting, as well as requests to perform non-standard activities, such as installing software on the computer, a task that is usually handled by the IT department.