BotNet News

Your source for Online Security News

Phishing is a cyber attack that uses social engineering techniques to steal sensitive information (login credentials, credit card numbers, passwords) and other valuable data from a targeted user. Attackers can use a variety of mediums to carry out the attack including email, websites, instant messaging, mobile systems and even phone calls or text messages.

Attackers try to create a sense of urgency or fear in their victims to prompt them into taking quick action without carefully considering the authenticity of a message or a request. They also often use common mistakes like poor grammar or misspellings in an attempt to seem more legitimate.

Employees should always take five seconds to read an email before responding or clicking a link. The best way to identify phishing is to look for red flags. A message that asks for immediate action is usually a phishing attempt. It may also be a scam to get employees to click on a link that installs malware on their computer or devices. Scammers can also impersonate a trusted source, such as a bank helpdesk, medical provider or government agency, in order to gain access to sensitive information.

Emails should be treated as suspicious if they contain only hyperlinks and no additional content. Employees should be encouraged to hover their mouse over links to reveal the actual URL that would be opened if clicked. Links that are not secure (not using HTTPS) should also be treated as suspicious. Additionally, links that are shortened through services like Bitly and TinyURL should be avoided because attackers frequently use these sites to hide their real URL.
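
The link checks above can also be automated on the mail-filtering side. The following is an added example, not code from the original article: it parses an HTML email body and flags each link for the four red flags described (link-only body, visible URL that differs from the real target, no HTTPS, shortener). The function names, the shortener hostnames `bit.ly` and `tinyurl.com`, and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}  # assumed hosts for Bitly and TinyURL
# Constructed sample body: reserved example hosts, "xxxx" is a placeholder path.
SAMPLE = ('<p>Your account is locked. Act now.</p>'
          '<a href="http://portal.example.net/login">https://www.example.com/login</a>'
          '<a href="https://bit.ly/xxxx">Reset password</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs plus any text outside links."""
    def __init__(self):
        super().__init__()
        self.links, self.outside = [], []
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        (self.outside if self._href is None else self._text).append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scheme_and_host(url):
    # Returns (scheme, host without "www."); empty strings if unparseable.
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL in untrusted mail
        return "", ""
    return parts.scheme.lower(), host[4:] if host.startswith("www.") else host

def audit_links(html_body):
    """Return [(href, [reasons])] for links matching the red flags above."""
    parser = LinkCollector()
    parser.feed(html_body)
    link_only = bool(parser.links) and not "".join(parser.outside).strip()
    findings = []
    for href, text in parser.links:
        scheme, host = scheme_and_host(href)
        # Host named in the visible text, if the text itself looks like a URL.
        shown = ""
        if "://" in text or text.lower().startswith("www."):
            shown = scheme_and_host(text if "://" in text else "https://" + text)[1]
        flags = {"not-https": scheme == "http", "shortener": host in SHORTENERS,
                 "text-mismatch": shown not in ("", host), "link-only-body": link_only}
        reasons = [name for name, hit in flags.items() if hit]
        if reasons:
            findings.append((href, reasons))
    return findings
```

A shortener hit only says the destination is hidden, so a filter would normally treat these reasons as scoring signals rather than verdicts.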