BotNet News

Phishing is a cyber attack that tricks individuals into divulging sensitive information or downloading malware. By impersonating a trusted source and creating a false sense of urgency, bad actors can trick even the most perceptive people into taking action without thinking. A successful phishing attack can lead to stolen money, fraudulent charges on credit cards and lost access to photos, videos and files.

Often, phishing attacks are tied to specific events or holidays when people’s guard is lowered. For example, phishing emails that appear to come from Amazon about fake deals or payment problems spike during the company’s Prime Day sales event.

In addition, phishing attacks can be customized to target the victim’s organization. Direct deposit scams are one example, where attackers pose as a company executive or bank manager to convince victims to click a link that leads to a phishing website and installs malware.

While training employees to spot every phishing attempt is important, it’s unrealistic to expect them to examine every email they receive. And punishing users who click links doesn’t work, as it’s hard to blame someone for clicking for a variety of reasons that may be out of their control (for instance, they might be stressed or distracted). A better approach is to implement a multilayered defense that includes email filters, employee awareness training and endpoint protection tools that can identify suspicious content and quickly detect phishing attacks. Cisco’s upcoming acquisition of Armorblox will enhance these solutions with threat prediction and predictive protection to speed detection and reduce response times.