BotNet News

Your source for Online Security News

About Phishing

More than 20 years later, phishing attacks are still around, and they’re as dangerous as ever. While attackers have tweaked their techniques over time, the fundamentals remain the same, relying on humans to hand over sensitive data. That data, in turn, can be used to breach a network or compromise an account.

Recognizing phishing attempts is easy with a little bit of know-how and discipline. For starters, consider whether an email seems off, strange or out of the ordinary. If it does, be extra careful and don’t click any links or open any attachments, even if they look authentic. A great resource from KnowBe4 provides a list of 22 social engineering red flags that attackers frequently use in their messages.

Attackers often use fear to gain your attention, claiming that there’s something wrong with an important account or that your password needs to be changed right away. Other common messages say you’ve won a lottery or make some other outrageously lucrative offer. Still others claim to be from your bank or another financial institution looking to verify information, or from online shops trying to verify nonexistent orders.

Spear phishing attacks are a popular technique targeting high-privilege accounts within an organization, often to steal login credentials that can be used for additional attacks. These attacks typically arrive as a private message on Twitter, a phone call (also known as vishing), or a message in an instant messaging app (aka smishing). The goal is to get users to click on a malicious link that takes them to a spoofed website, where they enter their username and password for the attacker to steal.