BotNet News

Your source for Online Security News

A phishing attack occurs when an attacker poses as a company or business, such as a bank or credit union, and attempts to trick recipients into handing over their username and password credentials so that the hacker can access their account. The attacker can then harvest personal information and use it for nefarious purposes, such as identity theft or money laundering. Often, the attacker will make the request using an uncharacteristic sense of urgency, such as a deadline for sending wire transfers or warning about a data breach that needs to be addressed immediately.

Attackers resort to phishing because they can’t exploit technical vulnerabilities in your device’s operating system. Even the most secure systems can be compromised if a convincing fake persuades users to hand over their passwords to strangers.

Phishing attacks can be delivered via email, but they have also extended to social media, SMS messaging services (aka “smishing”) and apps. In general, the goal of a phishing attack is to get the victim to click on a link or download an attachment that will lead to malware. This can include spyware, ransomware or other malicious software that is designed to steal information, such as bank accounts or credit card details, or gain access to the victim’s devices and network.

Training employees on how to spot suspicious emails, such as an oddly worded sender name or a link that looks unusual, should be part of an organisation’s security program. A robust and supportive process for reporting suspicious email should be in place, along with a regular reminder that personal information should never be sent in an unsolicited email. Getting organisations to set up DMARC, and encouraging their contacts to do the same, will help make it harder for hackers to fake messages.