BotNet News

Phishing is one of the most common cybersecurity threats. It’s a social engineering attack that involves attackers impersonating trusted contacts through email or text to steal data like login information, account numbers, credit card info and other sensitive information. Attackers can use phishing to commit a variety of crimes including monetary theft, account takeovers and espionage. Since phishing relies on human vulnerabilities, cyber security tools and protocols cannot always catch these attacks in progress.

Phishers are able to trick recipients into taking an action by creating “bait” messages that appeal to emotions such as fear, greed or curiosity. They may also make their messages look legitimate by impersonating trusted brands and organizations. Bulk email phishing is when attackers send out a high volume of phishing messages to large numbers of people, while spear phishing is when cybercriminals target specific individuals or companies.

Scammers often target holidays or other events to lure people into lowering their guard. For example, phishing emails targeting Amazon customers tend to spike around the site’s annual sales event, Prime Day.

Attackers can also tailor a phishing message to an individual by using personal or business details they glean from the internet or other public sources. This type of phishing is known as whaling, and it can be more effective than a blanket approach. It’s important for employees to understand what to watch out for and learn to scan for red flags in their everyday work. They should also use multifactor authentication where possible and create complex, unique passwords that are stored in a password manager.