BotNet News

Your source for Online Security News

Phishing is a cybercriminal activity in which scammers attempt to trick users into clicking malicious links or opening attachments that will download malware onto their devices. These attacks often target companies and individuals and aim to steal credentials that can be used for unauthorized access to accounts or other illicit activities.

Messages can be delivered over a variety of channels, including email, instant messaging (IM), Short Message Service (SMS), phone calls, and social media platforms. They can be crafted to look like legitimate communications from banks, government agencies, businesses, or people you know and trust, such as a family member or friend. They may appeal to emotions such as urgency or fear, or to your curiosity. They may also be aimed at specific people within your organization, such as high-privilege employees, or at external stakeholders.

Attackers will often use fake logos and other brand assets from the business they are targeting to make the communication appear more legitimate. In addition, attackers will often create a sense of urgency to rush victims into taking action and clicking links. This could be an urgent request to verify information, a warning that an account has been compromised, or the threat of losing valuable data or assets.

Curiosity-driven phishing attacks include emails with intriguing subject lines such as “You’ll never guess what your colleague told me about you,” or “See who has been viewing your profile.” In 2014, Sony lost over 100 terabytes of confidential company data after attackers posed as employees to send phishing messages with malicious attachments.