Red Flags of Phishing
Phishing is when attackers impersonate a trusted entity to trick victims into sharing sensitive information. The attackers often create a sense of urgency or fear to prompt recipients into acting without thinking it through. This may include clicking a link, entering their login credentials into a fake webpage or downloading an attachment that installs malware. Cybercriminals are constantly evolving their methods to stay ahead of security professionals and avoid detection.
Attackers sometimes spend time tailoring phishing messages to specific targets, a practice known as spear phishing. They may use publicly available information about the target, such as their name, job title or address, or they could glean data from social media accounts. Attackers might even know what type of devices the target owns. Spear phishing can be very effective, as the attackers can be more convincing and appear to have spent time researching their victim.
Other warning signs of phishing include a request for sensitive information, especially if it’s requested over email. Legitimate companies will never ask for passwords or other personal details over email, so if you receive such a request, it’s likely a scam. Urgent or threatening language, for example “your account will be deleted” or “act now,” should also trigger a red flag.
Other key red flags of phishing include links with unusual file extensions (e.g., .iso, .js, .scr) and attachments that aren’t secured with HTTPS. Additionally, attackers can use techniques like shortened URLs to mask the real destination of a link. Employees can mitigate these risks by hovering their mouse over links to see the true destination and only clicking if they’re confident it’s legitimate.
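To make these link checks concrete, here is an added example (not code from the original article) in Python that scans a constructed HTML email for the red flags just described: links not served over HTTPS, known shortener domains, risky file extensions, and display text that points to a different host than the real href (what hovering over a link reveals). The extension and shortener lists are assumptions for illustration, not exhaustive.

```python
import re
from urllib.parse import urlparse

# Extensions the article calls out, plus a few similar script/executable types (assumed list).
RISKY_EXTENSIONS = {".iso", ".js", ".scr", ".exe", ".hta", ".vbs"}
# A handful of well-known link shorteners (assumed, not exhaustive).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# Minimal anchor-tag matcher for the constructed sample; a real scanner would use an HTML parser.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def check_link(href: str, text: str) -> list[str]:
    """Return the red flags raised by one hyperlink (empty list means none found)."""
    flags = []
    target = urlparse(href)
    if target.scheme != "https":
        flags.append("not HTTPS")
    if target.hostname in SHORTENER_HOSTS:
        flags.append("shortened URL")
    path = target.path.lower()
    if any(path.endswith(ext) for ext in RISKY_EXTENSIONS):
        flags.append(f"risky file extension {path[path.rfind('.'):]}")
    # "Hover to see the true destination": when the visible text itself looks like a URL,
    # compare the host it shows with the host the link really goes to.
    shown_text = text.strip()
    if shown_text.lower().startswith(("http://", "https://", "www.")):
        if "://" not in shown_text:
            shown_text = "https://" + shown_text
        shown_host = urlparse(shown_text).hostname
        if shown_host and target.hostname and shown_host != target.hostname:
            flags.append(f"display text says {shown_host} but link goes to {target.hostname}")
    return flags


def scan_html(html: str) -> dict[str, list[str]]:
    """Map every href in the HTML body to the list of red flags it raises."""
    return {href: check_link(href, text) for href, text in ANCHOR_RE.findall(html)}


# Constructed sample message (hosts use reserved .test/.example names; none are real).
SAMPLE_EMAIL = """
<p>Your account will be deleted! <a href="http://bit.ly/abc123">Verify now</a></p>
<p>Invoice attached: <a href="https://files.example-cdn.test/invoice.iso">invoice.pdf</a></p>
<p>Visit <a href="https://login.evil.test/">https://www.bank.example</a> to update details</p>
<p>Help: <a href="https://www.bank.example/help">https://www.bank.example/help</a></p>
"""

if __name__ == "__main__":
    for href, flags in scan_html(SAMPLE_EMAIL).items():
        print(href, "->", flags or "no flags")
```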