BotNet News

Your source for Online Security News

Phishing is an attempt to steal sensitive information like passwords, credit card numbers, bank account logins and other confidential data. Criminals use these details to loot your checking accounts, run up bills on credit cards and even get driver’s licenses in your name. It’s an ever-growing threat.

The most common form of phishing involves an email or instant message with a link that connects to a suspicious website. Attackers often hide the malicious link behind legitimate-looking content such as pictures, a logo or a URL. The goal is to trick you into visiting the website, entering your credentials or clicking on a link. The result can be ransomware, malware or other exploits that can lock you out of your device or allow criminals to get inside and use your information.

Attackers also use phishing to target specific people or organizations. They may build an attack around information found on social media sites, company records or through other sources. These targeted attacks can take time to construct. For example, the 2014 Sony breach began with a fake Apple ID verification message that allowed attackers to obtain passwords for high-level employees, who then logged in and shared the information with other hackers.

There are many things you can do to protect yourself and your organisation against phishing attacks. Keep browsers updated regularly, and don’t click on links in emails or instant messages unless you know where they came from. Review websites’ privacy policies and check the box that says you agree to receive their newsletters and updates before you provide your information. Also, consider implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) to improve your organisation’s authentication and sender identification and protect against phishing scams.