How to Spot Phishing Emails
Phishing is a technique used by attackers to trick recipients into taking a malicious action that results in divulging sensitive information or downloading malware. It is usually delivered through email, but can also arrive through text messages (smishing, or SMS phishing), voice calls (vishing), instant messaging and social media sites.
Attackers typically impersonate a company or trusted individual in an attempt to induce fear or urgency, prompting recipients into acting without fully thinking things over. The phishing message may contain a link to a fake website, or instructions to download a malicious attachment that can steal login credentials or install malware.
Regardless of the technology you have in place, humans remain the number one security risk. Employees need to know how to recognize phishing attempts so they can take the right steps to report suspicious emails and prevent attacks before they happen.
Common signs that an email might be phishing include poor grammar and misspellings. Additionally, legitimate organizations rarely ask for personal information (e.g., passwords, social security numbers, credit card information) through unsolicited email or over unsecured channels. A sense of urgency or pressure is another red flag, as is a sender email address that looks off or an unusual way of addressing the recipient. Training and awareness programs can help, and employees should always hover their cursor over links to see the destination URL before clicking.