BotNet News

Your source for Online Security News

Phishing refers to an email or social media message that impersonates a trusted source and tricks the recipient into clicking a malicious link, downloading malware or handing over sensitive data. This information is used by attackers to steal money, passwords or other credentials for accessing corporate systems or personal accounts.

The most common form of phishing involves email messages that look like they come from the victim’s bank. Attackers use scare tactics (such as claiming an account will be suspended) to persuade victims to click a link that takes them to a fake banking website, where they are prompted to enter their credentials. With the username and password in hand, attackers can access the victim’s personal information, or even their entire online banking history.

Other forms of phishing include spear phishing, where attackers target the holders of high-privilege accounts in a business and convince them to divulge their passwords and other credentials. Pharming installs malware on a user’s computer and then redirects them to a phishing website. Another technique, called angler phishing, targets social media users with messages that appear to be from popular app or software vendors.

The most effective way to combat phishing is to educate your users on what phishing looks like and how to recognize the red flags. Signs to watch for include a misspelled or grammatically incorrect name, a request for an unusual action and the absence of a “report phishing” option.
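
Some of these red flags can also be checked automatically, as a complement to user training. The sketch below is an added example, not part of the original article: it flags a sender domain that is a near-miss spelling of a trusted name, a display name that does not match the sending domain, and the account-suspension scare wording described earlier. The trusted-name list, the phrase list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: names this organisation trusts, mapped to their real mail domain.
TRUSTED = {"examplebank": "examplebank.com"}
# Assumption: a small sample of scare-tactic wording; tune for your own mail.
URGENCY = re.compile(r"\b(?:suspended|suspension|verify your account|immediately)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_message):
    """Return the list of red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, legit in TRUSTED.items():
        if domain == legit or domain.endswith("." + legit):
            continue  # genuinely sent from the trusted domain
        if any(edit_distance(label, brand) <= 2 for label in domain.split(".")):
            flags.append("lookalike_sender_domain")  # misspelled name
        if brand in display.lower().replace(" ", ""):
            flags.append("display_name_not_matching_domain")
    body = msg.get_payload() if not msg.is_multipart() else ""
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        flags.append("urgency_language")
    return flags

# Constructed sample messages (not real mail).
PHISH = (
    'From: "Example Bank" <security@examp1ebank.com>\n'
    "Subject: Your account will be suspended\n\n"
    "Verify your account immediately using the link below.\n"
)
LEGIT = (
    'From: "Example Bank" <statements@examplebank.com>\n'
    "Subject: Your monthly statement\n\n"
    "Your statement is ready in online banking.\n"
)
```

Calling `red_flags(PHISH)` returns all three flags, while `red_flags(LEGIT)` returns an empty list.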