BotNet News

Your source for Online Security News

Phishing is a technique used by attackers to steal sensitive information and/or download malware on the victim’s device. Attackers use various methods to initiate phishing attacks, but the most common is by sending an email that either contains malware or leads victims to a website/form designed to capture certain types of information (personal details, bank deatils etc). The attack can be triggered by clicking on a link, or simply when the victim opens the email.

Attackers usually impersonate well-known brands (banks, online retailers, popular apps etc.) to make their phishing emails appear more convincing. This is done to increase the likelihood that a victim will interact with the malicious link and potentially provide their credentials. These credentials are then collected and used for fraudulent activities (attack execution phase) or sold on the secondary market (Valuables acquisition phase).

The goal of phishing is to trick recipients into taking action without thoroughly vetting the request. To do this, attackers often create a sense of urgency by telling victims that their account has been compromised or that they need to act now to prevent more damage. This causes people to take action on impulse, which can lead them to download malware, enter their credentials in a fake website or share confidential information with strangers.

To help their employees spot phishing links, companies can encourage them to check for spelling and grammatical errors, and look out for shortened URLs. They can also advise their employees to hover their mouse over a link to view the actual URL and ensure it matches the message sender’s domain name.