BotNet News

Your source for Online Security News

Phishing is a malicious attempt to steal information, download malware, or compromise a computer system for illicit gain. Often, attackers use social engineering tactics to obtain valuable data, such as credit card numbers and other personal data (McClure et al., 2003).

Generally speaking, phishing emails contain spelling and grammar errors, which make them look less authentic, as well as messages that create a sense of urgency, such as “Your account activity needs urgent attention” or “Unusual account activity detected!”. These messages are aimed at rushing the victim into clicking and supplying information before they can assess the validity of the request.

In some cases, phishers will impersonate other company employees to get the user to divulge information or take a suspicious action. For example, the infamous 2014 Sony hack involved attackers who used publicly available LinkedIn and Apple ID data to identify high-level company officials who could then be contacted to request sensitive information or credentials.

Educating employees about common indicators of phishing attacks is an important step towards preventing them, but it’s also essential to train them on the basics of cybersecurity hygiene and how to spot a fake link or email address. In addition to knowing what to look out for, organizations should have a program in place that provides employees with easy reporting options when they receive phishing attempts. Finally, multi-factor authentication and regularly updating software/browsers are the best ways to help protect against phishing and other cyberattacks.