BotNet News

Phishing is a criminal enterprise that targets individuals and businesses to steal personal information like account numbers, passwords, and Social Security numbers. With the information stolen through phishing, threat actors can take money out of your bank account or run up bills on credit cards under your name.

Attackers use several types of phishing techniques, including vishing (using a text message), pharming (a two-phase attack that installs malware on a device and uses DNS poisoning to redirect victims to a spoofed website), angler phishing (which targets users through social media direct messaging services) and spear phishing, which targets high-level employees with personalized attacks that can trick even seasoned anti-phishing professionals. Attackers also time phishing campaigns around events, such as holidays, to catch people with lowered guards.

Generally, any email or Internet message that asks for personal information should be treated with suspicion. Legitimate institutions, such as banks, will never request login credentials or other sensitive information via email. Be cautious of messages that include threatening language or urgent phrasing designed to rush you into clicking links. Watch for spelling and grammatical errors, which are common in phishing emails.

Check email attachments before opening, and always check URLs for a padlock icon that denotes a secure site. A spoofed padlock may be a dead giveaway to a phishing attack, especially if it’s missing the green “https” in the address bar. A quick Google search can often reveal if a website is fake, but it’s best to only communicate with known senders through established channels.