BotNet News

Phishing involves a coordinated attack by attackers to obtain sensitive information such as passwords, login credentials and credit card details from victims. The attackers typically impersonate a known and trusted source such as an institution, employer or even the victim themselves and ask for confidential information to be provided over the phone or internet. This information is then used for criminal purposes such as stealing money from the victim’s bank account, running up credit cards or even committing identity theft in the worst case.

Often, emails from attackers will include a sense of urgency such as an alert that a specific account will be deactivated or a message that claims that personal information needs to be updated online immediately in order to prevent fraud. The attackers also use link manipulation techniques to make links look like they connect to a legitimate website but actually redirect to a site that collects the victims private information.

Another popular method of phishing is social engineering where attackers gather background information from the victim by relying on public resources such as their social networks. This is then used to create a convincing fake message that appears to come from a trustworthy source.

Several simple measures can be taken to protect against phishing attacks. The most important thing is to never respond to unsolicited requests for information by email or telephone. Reputable organisations will never ask for personal or financial details via email and if a URL is shown in an unsolicited message, the user should always hover their mouse over it to reveal the true web address of the destination. Also users should remember that passwords should be changed regularly to reduce the window of opportunity for an attacker and install firewall software to prevent phishing software from installing onto the computer system that can silently eavesdrop on outbound traffic and send private data back to the attacker.