BotNet News

Your source for Online Security News

Phishing

Phishing is a type of social engineering attack where cybercriminals trick victims into clicking malicious links or downloading malware via email, text messages or phone calls. A cybercriminal can then steal sensitive information such as passwords, bank account details or credit card numbers, which they can use for financial gain, to blackmail the victim, or to spread infections on the victim’s network.

The most common form of phishing involves attackers impersonating trusted contacts or organisations, often using urgent language and fear tactics to persuade victims to click links or download attachments. They may also target specific individuals or companies with spear phishing attacks. Spear phishing is an increasingly popular attack type, as it allows attackers to personalise their approach and add credibility. Other forms of phishing include smishing, which targets victims with fraudulent SMS messages, and vishing, which uses robocalls to impersonate organisations like Microsoft, banks or even emergency services.

While the best defence against phishing is human vigilance, it’s important to note that phishing is increasingly sophisticated. This is due to the rise of technology such as artificial intelligence (AI), which can help fraudsters communicate more clearly, scale their attacks and target users of all languages. AI can also remove poor grammar and idiosyncrasies from emails to make them appear more convincing.

For example, legitimate communications from a company you know and trust (e.g., your bank, credit card company or payment service) should not contain grammatical errors or be addressed generically, such as “Dear Sir/Madam”. If you receive an email from a familiar organisation with which you do business that differs in these respects, it is likely a phishing attack.