BotNet News

Your source for Online Security News

Phishing is one of the most pervasive cyberattacks and leads to the most common forms of cybercriminal activity, including business email compromise (BEC) and ransomware [1].

Using social engineering techniques to manipulate users' judgment, phishing lures them into taking an action that divulges sensitive information or downloads malware. This is why it's important to maintain a healthy dose of skepticism and be suspicious of any request for sensitive information sent via email, text or chat.

Scammers use many tactics to create phishing emails that look genuine. One of the most common is a sense of urgency. They may claim you've won a prize or are owed money, or even warn that criminals are spying on you through your webcam.

Other common tactics include personalization and targeting specific individuals or departments within an organization. These types of phishing attacks are referred to as spear phishing and are often accompanied by vishing (voice phishing) or SMiShing (SMS text phishing). Cybercriminals leverage industry-specific processes, jargon, current events or company-specific data to make these phishing attempts more credible.

More sophisticated attacks can even target specific roles within an organization, such as a CEO, CFO or senior management team. These types of attacks are referred to as whaling and were responsible for the Sony data breach in 2014. The attackers used a combination of LinkedIn and Apple ID logins to find high-level employees and then impersonated them in an attempt to get them to reveal passwords and confidential company information.