BotNet News

Your source for Online Security News

Phishing is an attack that exploits a vulnerability in the security of information systems to steal data or infect computers with malware. Attackers can use phishing to gain entry into organizations’ networks, access personal accounts, steal money or information, and take other malicious actions (Olsson, 2013).

Most phishing attacks are financially motivated. For example, attackers can steal account credentials to hijack a company's network, deploy ransomware that blocks access to data and demands payment to restore it, or steal personal data to run up credit cards and other debt in the victim's name.

A common way to commit phishing is by impersonating a trusted source. For example, attackers may send an email pretending to be a bank help desk that asks the victim to click a link leading to a fake login page that captures their credentials. The email often adds a sense of urgency to make the victim act quickly, such as a threat that their information will be deleted or that they will lose access to a service.

To keep employees safe, companies should reinforce employee training on how to recognize phishing attempts and encourage staff to verify requests for sensitive information or money through a separate channel. This may mean calling a phone number or writing to an email address they have previously saved, rather than clicking a link provided in the message. Similarly, an email that uses a fake URL should be flagged as suspicious; legitimate businesses will never use non-HTTPS addresses. Other red flags in a phishing attempt include grammar and spelling errors, excessive use of capital letters, and unusual or urgent language.
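As an added example, not code from the original post, the following Python script scores an HTML email body against the red flags described in the two paragraphs above: links that are not HTTPS, link targets whose domain differs from the claimed sender's domain, display text that shows one address while the href points to another (the "fake URL" case), urgent language, and a high proportion of capital letters. The two sample messages, the urgency phrase list, the `examplebank.com` and `example.net` domains, and the 30% capitals threshold are all constructed for this example and would need tuning against real mail.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Urgency phrases typical of lures; constructed list for this example.
URGENCY_PHRASES = (
    "act now", "immediately", "within 24 hours", "account will be suspended",
    "will be deleted", "lose access", "verify your account", "urgent",
)

# Link text that itself looks like a URL or bare domain.
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host):
    # Crude approximation: keep the last two labels ("login.example.com" -> "example.com").
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def score_message(html_body, sender_domain):
    """Return (score, reasons) for an HTML email body.

    sender_domain is the domain the message claims to come from (the From header).
    Each red flag that fires adds one point and one human-readable reason.
    """
    reasons = []
    parser = _LinkExtractor()
    parser.feed(html_body)

    for href, text in parser.links:
        target = urlparse(href)
        if target.scheme != "https":
            reasons.append(f"non-HTTPS link: {href}")
        target_dom = _registered_domain(target.hostname or "")
        if target_dom and target_dom != _registered_domain(sender_domain):
            reasons.append(f"link domain {target_dom} differs from sender domain {sender_domain}")
        # Visible text shows one address but the href points somewhere else.
        if URL_LIKE.match(text):
            shown_host = urlparse(text if "://" in text else "https://" + text).hostname or ""
            if _registered_domain(shown_host) != target_dom:
                reasons.append(f"link text shows {shown_host} but points to {target.hostname}")

    plain = re.sub(r"<[^>]+>", " ", html_body)
    hits = [p for p in URGENCY_PHRASES if p in plain.lower()]
    if hits:
        reasons.append("urgent language: " + ", ".join(hits))

    letters = [c for c in plain if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.3:
        reasons.append("excessive capital letters")

    return len(reasons), reasons


# Constructed sample messages (no real organisations or addresses).
SAMPLE_PHISH = """<p>Dear customer,</p>
<p>URGENT: your account will be suspended within 24 hours unless you
<a href="http://secure-bank-login.example.net/verify">https://www.examplebank.com/login</a>
now.</p>"""

SAMPLE_LEGIT = """<p>Hello,</p><p>Your monthly statement is ready. Sign in at
<a href="https://www.examplebank.com/statements">www.examplebank.com</a>.</p>"""

if __name__ == "__main__":
    for label, body in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        score, why = score_message(body, "examplebank.com")
        print(f"{label}: score={score}")
        for r in why:
            print("  -", r)
```

The scorer returns reasons rather than a verdict so that an analyst or a training exercise can see which indicators fired. The HTTPS check is deliberately only one weak signal: a link that uses HTTPS can still lead to an attacker-controlled page, so the domain mismatch and display-text checks carry more weight in practice.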