BotNet News

Phishing is one of the most widespread and costly cyber threats today. For individuals, it can mean stolen money and fraudulent charges on credit cards, or a loss of access to photos, videos, files and other personal data. For organizations, it can mean a financial hit and a negative impact on customer and employee trust.

Scammers are getting more creative and sophisticated in their attacks. They impersonate well-known brands, so that the message looks authentic and the recipient is likely to believe it. They use phishing to gain access to usernames and passwords and steal personal information, like bank account numbers or Social Security numbers. They also use phishing to distribute ransomware, which restricts access to data and demands a fee to restore it.

In a typical attack, attackers target higher-level employees, often in finance, sales or research and development. They send an email disguised as a vendor invoice, company memo or other document. The lower-level employee is likely to believe the request because of its authenticity and urgency and may provide login information or transfer funds without double checking.

Another common phishing tactic is “whaling.” In whaling, attackers target senior leaders in the business by using fake email accounts to trick them into downloading malware. The attackers then use the victim’s email, including file-sharing features, to conduct a more targeted attack against other employees. Attackers also use text messages, known as smishing, to trick victims by posing as their wireless provider or other service providers.