BotNet News

Phishing is a form of cyberattack in which attackers disguise malicious attachments and links in emails that appear to be from a trustworthy source, such as a friend or business contact. Those malicious attachments or links direct victims to fake websites that attempt to collect sensitive information like usernames and passwords, or credit card numbers.

Attackers use a variety of social engineering tactics to lure users into clicking phishing links. For example, attackers will often create fake social media accounts to impersonate brands and ask for help via those channels. This tactic takes advantage of the fact that customers are accustomed to reaching out to brands through their social media platforms.

Other common phishing tactics include the use of fake forms to request personal or financial information, which can then be used for a variety of illegal purposes. Attackers also take advantage of urgency by creating time pressure to prompt victims into acting quickly. This is why phishing attacks tend to spike around holidays or events where consumers are more likely to be under pressure to act quickly, such as during the recent holiday shipping season when attackers were targeting Amazon customers with fake shipping scams.

Other telltale signs of a phishing message include misspellings and awkward phrasing. Those should be enough to raise suspicion, but attackers also make subtle changes to email and web site addresses. Examine the full email address and web link carefully, especially on a mobile device to spot these lookalike character changes. Also, don’t respond to an email or text message that requires you to perform non-standard actions, such as installing software. Instead, reach out to the sender through a different channel, such as their phone or in person.