Examples of Phishing
Phishing occurs when a bad actor spoofs the authentic sender of an email, phone call or text message in order to trick an individual into taking an unsafe action that divulges sensitive information, triggers a malicious download or otherwise compromises personal and organizational data. Attackers often use scare tactics, flattery or other social engineering techniques to persuade victims to lower their guard and take unsafe actions.
A common example is an attacker posing as the user’s internet service provider or another company and asking for login credentials in order to fix a problem or confirm details about the user’s account. The attacker may even imply that the account has already been compromised or hacked, urging the victim to take urgent action to correct the problem.
Other examples include phishing via social media, where attackers pose as users on platforms like Facebook Messenger, LinkedIn InMail and Twitter DMs in order to gain access to personal and professional contacts. This type of phishing can be particularly damaging because the stolen account passwords are often reused for other accounts (e.g., online banking).
Attackers can also use a tactic called business email compromise (BEC), where they compromise a lower-level employee’s account and then use it to instruct others to make fraudulent payments or provide access to confidential information. This kind of attack can be costly – in one instance, Crelan Bank lost more than $75 million to a BEC attack perpetrated by the criminal hacking group Guardians of Peace.