BotNet News

Your source for Online Security News

Phishing is an attempt to steal personal information like usernames and passwords, credit card numbers, or bank account details. Attackers can use this info to steal money, open new accounts in your name, commit tax fraud, and more.

The word phishing is a homophone of fishing, referring to the technique of baiting unsuspecting victims with an enticing lure in order to catch them. Attackers often impersonate the victim’s bank, their employer, a coworker or another trusted individual, a well-known brand like Google or Microsoft, or an official government agency such as the Social Security Administration.

Most phishing emails include a malicious link or attachment that, when clicked, leads to a website created and controlled by the attacker. This fake site can download malware or trick the victim into authenticating on a spoofed login page that sends their credentials to the attacker.

Attackers can also embed a malicious file in the body of an email that, when opened, will run a shell script or Microsoft Office macro and download malware. This type of attack is known as spear phishing.

When it comes to identifying phishing, the NCSC suggests that users look for misspellings and grammatical mistakes, especially if an email is asking them to take action or provide sensitive information. It’s also a good idea to consider whether the message is unusual for the sender; if the sender is pushing you to act in haste, the request may be suspicious.