BotNet News

Your source for Online Security News

Phishing is a malicious activity that combines social engineering with cyber attacks to steal personal information or financial data. Cybercriminals use phishing over email, phone, social media platforms and even chat apps to lure unsuspecting victims into clicking a link or opening an attachment that installs malware on the target’s computer system. Once installed, the malware can take control of the target’s device and cause serious financial damage. New technologies and the increasing sophistication of phishing attacks create an ongoing challenge for businesses. To protect employees and their assets, organizations must implement preventative measures that address both the human and technical elements of phishing.

The first step in the attack cycle is reconnaissance and intelligence gathering: identifying targets and selecting the attack vector. The attackers then plan the attack by scanning for vulnerabilities to exploit. Some of the most common vulnerabilities include buffer overflows, cross-domain attacks and “zero-day” software vulnerabilities that have yet to be fixed (Putman, 2018).

Once the attackers understand the target and its vulnerabilities, they begin to execute the phishing campaign. They usually begin with an email or text message impersonating a trusted contact. The message may ask the victim to click a link or open an attachment, and threaten that their account will be terminated if they don’t act now.

Other attack methods include impersonating managers, CEOs and CFOs to convince employees to transfer money or send sensitive data to fraudulent bank accounts. Sophisticated cybercriminals also target users of popular social media and messaging platforms such as Facebook, WhatsApp or Snapchat. They often pose as influencers and celebrities to manipulate their followers into revealing login information or downloading malware.
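
On the technical side, a mail filter can flag the traits described above (an executive's name on an outside address, pressure wording, a link that goes somewhere other than it claims) before a message reaches an employee. The sketch below is an added example, not code from the original article; the organisation domain, executive names, phrase list and signal names are assumptions, and the signals are triage hints rather than verdicts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumption: the defended organisation's domain
EXECUTIVES = {"dana reyes", "sam okafor"}  # assumption: names taken from a staff directory
URGENCY = re.compile(r"act now|immediately|urgent|will be (?:terminated|suspended)", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>([^<]*)</a>', re.I)
HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def phishing_signals(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    body = "".join(p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    signals = []
    # An executive's display name on an address outside the organisation's domain.
    if name.lower() in EXECUTIVES and domain_of(addr) != ORG_DOMAIN:
        signals.append("executive-name-external-sender")
    # Replies routed to a different domain than the visible sender.
    if reply and domain_of(reply) != domain_of(addr):
        signals.append("reply-to-domain-mismatch")
    # Pressure wording such as an account-termination threat.
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signals.append("urgency-language")
    # Visible link text names one host while the href points at another.
    if any((s := HOST.search(text)) and s.group(1).lower() != host.lower()
           for host, text in LINK.findall(body)):
        signals.append("link-text-href-mismatch")
    return signals

# Constructed sample messages (reserved example/test domains only).
PHISH = """\
From: "Dana Reyes" <dana.reyes@examp1e-mail.test>
Reply-To: payments@other.test
Subject: Urgent wire transfer
Content-Type: text/html

<p>Your account will be terminated if you don't act now.</p>
<a href="http://login.attacker.test/reset">https://portal.example.com</a>
"""
BENIGN = ('From: "Dana Reyes" <dana.reyes@example.com>\nSubject: Q3 notes\n'
          'Content-Type: text/html\n\n'
          '<a href="https://portal.example.com/notes">portal.example.com</a>\n')
```

Calling `phishing_signals(PHISH)` raises all four signals, while `phishing_signals(BENIGN)` returns an empty list because the same display name arrives from the organisation's own domain.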