Phishing is when you try to steal usernames, passwords, credit cards, and other data by pretending to be someone trustworthy. A common phishing attempt occurs when an attacker tries to send a fake email that appears to come from a well-known company. The word phishing comes from two words: fishing and phreaking (as in telephone phreaking).
Inside a typical phishing email, there is a website that matches the original look of the real website. Phishing is commonly used to steal data from users. IRCNow users are vulnerable to phishing unless you work hard to protect them.
Basic Phishing Defenses:
- Set up and use PGP signatures? to detect forged emails
- Always log in and identify with NickServ to prevent fake IRC nicks
- Set up a custom vhost for your znc bouncer
- Set +O mode on important team channels to prevent non-opers from joining
- Check and verify DKIM signatures on email headers to detect forged emails
- Confirm important transactions using two different messaging systems (by IRC and email, or by IRC and phone)
- Beware of forged SMS messages and phone calls