BotNet News

Your source for Online Security News

The goal of phishing is to trick victims into revealing confidential information or clicking on malicious links, which often download malware, spyware, ransomware and other unwanted software. Attackers use tactics like fear, curiosity, a sense of urgency and greed to compel users to click links or open attachments.

One of the most common phishing strategies involves attackers impersonating brands and organizations that the victim is familiar with. By using logos and fonts identical to those of the target, phishing emails appear more authentic. Additionally, attackers frequently use URL shortening services to mask malicious link locations.

Another way attackers spoof sender identities is by creating email addresses that mimic those of legitimate domains. In addition to domain spoofing, attackers sometimes use email spoofing to create fake From and Reply-To names.

A good rule of thumb is to treat all unsolicited messages with suspicion. If an email contains a request for financial or personal information, verify that the request is valid via another communication channel such as an employee’s office line or a verified Web portal.

Employers can help their employees recognize phishing attacks by implementing security tools that detect malicious messages and alert users to the risk of responding to an unauthenticated link or submitting sensitive information. Supplementing employee training with multi-factor authentication (MFA) also helps thwart hackers who attempt to phish for passwords. MFA requires more than a password to access a corporate system or service and can include a one-time code sent to a user’s mobile phone, the requirement of a physical security token or biometric ID, and other methods.
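
The following Python example, added here and not part of the original article or any product's code, checks a single message for three of the indicators described above: a sender domain that mimics a trusted one, a Reply-To domain that differs from the From domain, and links that go through a URL shortening service. The trusted domain, the shortener list, the 0.85 similarity threshold and all function names are assumptions made for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for this example; replace with your own domains and lists.
TRUSTED_DOMAINS = {"example.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def domain_of(header_value):
    """Lowercased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_lookalike(domain):
    """True when a domain closely resembles, but is not, a trusted domain."""
    return any(domain != t and SequenceMatcher(None, domain, t).ratio() >= 0.85
               for t in TRUSTED_DOMAINS)

def phishing_indicators(raw_email):
    """Return the sorted names of the indicators present in one message."""
    msg = message_from_string(raw_email)
    found = set()
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if from_dom and is_lookalike(from_dom):
        found.add("lookalike_sender_domain")
    if reply_dom and reply_dom != from_dom:
        found.add("reply_to_mismatch")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>\[\]]+", body):
            try:
                host = (urlparse(url).hostname or "").removeprefix("www.")
            except ValueError:  # malformed authority; skip rather than crash
                continue
            if host in SHORTENERS:
                found.add("shortened_link")
    return sorted(found)

# Constructed sample message (not real traffic).
SAMPLE = """\
From: "Example Support" <support@examp1e.com>
Reply-To: collector@mailbox.test
Subject: Urgent: verify your account

Your account will be suspended. Verify now: https://bit.ly/abc123
"""
```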