BotNet News

Your source for Online Security News

Phishing is a type of cyber attack that seeks to steal sensitive information such as usernames and passwords, credit card numbers, bank account details and more. The attacker lures the victim in, much like a fisherman uses bait to catch a fish, by masquerading as a reputable source that the victim trusts. This enticing source could be a well-known brand, an individual the victim knows and respects (such as their employer or a trusted colleague), or an authority figure such as a law enforcement official or government agency.

Attackers often employ a sense of urgency to prompt victims into reacting without examining the message carefully or verifying their response. For example, attackers may claim that an important account will be deactivated if the victim does not supply login information quickly. Attackers also use this tactic in phishing emails and texts that include urgent requests for money transfers, such as transferring funds to “your assistant.”

Other attack techniques used in phishing attacks include text-based image obfuscation (where an email contains only an image that appears as text to the user) and lookalike character changes (where attackers subtly change characters in a message or website address so that at a glance they might appear correct). Attackers also often use URL redirects and time bombing, both of which send the victim to a malicious website when they click a link in a phishing email.
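As an added illustration of the lookalike-character and URL-redirect tricks described above (example code written for this page, not from the original article), the following Python checks a link against a small allow-list of trusted domains. The domain names, the confusable-character table and the sample URLs are all constructed assumptions, and the check is a first-pass filter, not a complete detector.

```python
import unicodedata
from urllib.parse import parse_qs, urlparse
# Constructed allow-list of the brand domains we want to protect (hypothetical names).
TRUSTED_HOSTS = {"example.com", "paypal.com"}

# Hand-picked confusables: a reader skimming a link may read the key as the value.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "I": "l", "|": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic
})

def strip_www(host: str) -> str:
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def skeleton(host: str) -> str:
    """Fold a hostname to what it looks like at a glance: NFKC, confusables, rn -> m, lowercase."""
    folded = unicodedata.normalize("NFKC", host).translate(CONFUSABLES).replace("rn", "m")
    return strip_www(folded)

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; hostnames are short, so the quadratic loop is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_url(url: str) -> list[str]:
    """Return findings for one URL (lookalike host, off-site redirect parameter); [] if clean."""
    findings = []
    parsed = urlparse(url)
    host = parsed.netloc.rsplit("@", 1)[-1].split(":")[0]  # keep case so 'I' vs 'l' stays visible
    if any(ord(ch) > 127 for ch in host):
        findings.append("non-ASCII characters in hostname")
    bare, folded = strip_www(host), skeleton(host)
    if bare not in TRUSTED_HOSTS:
        for trusted in sorted(TRUSTED_HOSTS):
            if folded == trusted:
                findings.append(f"lookalike of {trusted}")
            elif edit_distance(folded, trusted) <= 1:
                findings.append(f"one edit away from {trusted}")
    for values in parse_qs(parsed.query).values():  # query values that are themselves URLs
        for value in values:
            target = urlparse(value)
            if target.scheme in ("http", "https") and strip_www(target.hostname or "") not in TRUSTED_HOSTS:
                findings.append(f"redirect parameter points off-site to {target.hostname}")
    return findings
```

Run `assess_url(...)` over the links extracted from an inbound message; a non-empty result is a reason to hold the message for review rather than a verdict on its own.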

Educating staff and empowering them with threat awareness training can help reduce the success of a phishing attack. It is also important that all employees change their passwords regularly to reduce the attacker’s window of opportunity, and keep software and firmware up to date to minimize exposure to known vulnerabilities. Lastly, organisations should encourage their contacts to register with DMARC, which helps ensure that an organisation’s name is present in the recipient’s email signature, making it harder for attackers to impersonate them.