How to Protect Against Phishing
Phishing is an attack technique that uses lures to trick victims into handing over valuable data — often a username and password — which the attacker can use to breach a system or account. It’s been around since email’s inception, and attacks continue to evolve as technology does.
For example, some phishing emails play on fear or greed, with messages like “URGENT: Message from your bank” or “You’ve won the lottery.” The goal is to get the victim to click a malicious link or download an attachment. Others take a more sophisticated approach by posing as a familiar contact on social media. Attackers will then engage in a dialogue with the victim, often asking them to move the conversation to email or mobile messaging apps where they can more easily spread malware or steal credentials.
More recently, attackers have been using advanced technologies to personalize phishing attacks. One popular technique involves impersonating a trusted manager or family member over the phone to convince a victim to authorize fraudulent transfers of funds from their business to an external account. AI voice generators are also being used to create realistic-sounding audio clips that make it more likely an employee will fall for the ruse.
To protect against phishing, educate employees to be sceptical of any messages that look suspicious. Encourage them to always check the URL of a site before entering any sensitive information. Make sure they’re using HTTPS sites rather than the less secure HTTP, and have them enable multi-factor authentication (MFA) on all their accounts where possible.
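The URL check described above can also be automated, for instance in a mail gateway or a browser helper. The following Python sketch is an added example, not part of the original article; besides the HTTPS check it also flags credentials embedded in the URL, internationalized host names, and hosts outside a list of expected sign-in domains. The names check_login_url and EXPECTED_DOMAINS and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organisation keeps a list of domains where staff legitimately sign in.
EXPECTED_DOMAINS = {"example.com"}  # constructed sample value


def check_login_url(url, expected_domains=EXPECTED_DOMAINS):
    """Return the reasons not to enter credentials at `url` (empty list = no flags)."""
    problems = []
    parts = urlsplit(url)
    # urlsplit lowercases the scheme and hostname; drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".")

    # The article's advice: the page must be served over HTTPS, not HTTP.
    if parts.scheme != "https":
        problems.append("not-https")
    # "https://trusted-name@other-host/" shows a trusted name before the real host.
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo-in-url")
    # Punycode or non-ASCII labels can render as look-alikes of a familiar name.
    if any(l.startswith("xn--") or not l.isascii() for l in host.split(".")):
        problems.append("idn-host")
    # The host must be an expected domain or a subdomain of one (matched from the right).
    if not any(host == d or host.endswith("." + d) for d in expected_domains):
        problems.append("unexpected-domain")
    return problems


# Constructed sample URLs (reserved example/test domains, not real sites).
SAMPLES = [
    "https://login.example.com/signin",
    "http://login.example.com/signin",
    "https://example.com@accounts.example.test/signin",
    "https://example.com.signin.example.test/",
    "https://xn--exmple-cua.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        flags = check_login_url(sample)
        print(sample, "->", ", ".join(flags) if flags else "no flags")
```

An empty result means only that none of these checks fired; HTTPS alone says nothing about who operates a site, which is why the expected-domain comparison carries most of the weight.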