BotNet News

Your source for Online Security News

Phishing is the practice of tricking individuals or companies into handing over their passwords, banking details, or other confidential information to malicious actors. Cybercriminals typically use phishing to collect sensitive data, conduct attacks, or download malware onto targets’ computers or smartphones (Symantec, 2019). Attackers can also exploit bugs in computer systems and applications. These include buffer overflows, cross-domain attacks, and “zero-day” vulnerabilities that allow attackers to attack programs directly before they are fixed (Kayne, 2019).

Messages that request personal information should be treated as suspicious. Legitimate organizations do not ask for such information via email or phone. Urgent or threatening language is another red flag that something may be wrong. Scammers often use current events to lure victims into clicking without thinking. During the 2018 World Cup, for example, phishing emails claimed that recipients had won tickets to the game through a lottery.

Verify sender information: Look closely at the sender's email address and name. A misspelled name or a shortened link is an indicator that the message is a phishing attempt. A generic signature or a lack of contact information is another such sign.
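The red flags described above (requests for personal information, urgent language, a misspelled sender, shortened links) can be checked mechanically as a first-pass mail filter. The following Python sketch is an added example, not code from the original page; the trusted domain, shortener list, keyword lists and flag names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, illustrative values: adapt to your own organisation.
TRUSTED_DOMAINS = {"example.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
PERSONAL = re.compile(r"\b(password|bank details|account number|pin)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:>\"']+)", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (misspelled) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(raw_message):
    """Return a sorted list of red flags found in one email message."""
    msg = message_from_string(raw_message)
    flags = set()
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # A sender domain that is close to, but not equal to, a trusted one.
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        flags.add("lookalike-sender-domain")
    # Collect every non-container part, decoding base64/quoted-printable.
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')}\n{body}"
    if URGENT.search(text):
        flags.add("urgent-language")
    if PERSONAL.search(text):
        flags.add("requests-personal-info")
    if any(h.lower() in SHORTENERS for h in URL_HOST.findall(body)):
        flags.add("shortened-link")
    return sorted(flags)

# Constructed sample message (not a real email): note "examp1e" with a digit 1.
SAMPLE = """\
From: "Example Support" <support@examp1e.com>
Subject: Urgent: your account will be suspended

Confirm your password immediately at http://bit.ly/abc123
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

Keyword and edit-distance heuristics like these produce false positives and miss well-crafted messages, so treat the flags as input to user reporting and review rather than as a verdict.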

Educate your employees to recognize and report suspicious messages. Encourage them to use alternative communication methods if a coworker sends them links or attachments that aren’t supposed to be shared, and to always verify with the person directly before clicking on an unknown link. Additionally, an endpoint protection solution can help prevent, detect, and remove malware that enters a system through phishing attempts.