Literature Review Of Phishing : Social Engineering Attacks

Social engineering has caused many problems for different organizations. Because of social engineering many businesses have to take extra steps to protect themselves and their information from being hacked. According to Bidgoli, Social Engineering is a type of attack that takes over the power of human aspects in order to trick the public into declaring confidential information(MIS 7, 2017). This hacking technique has obtained the attention of numerous organizations, businesses, and governments worldwide.

As value customers of the Anthem, Inc. we believe it is important to keep each one of you informed of any incident that might affect your business with us. Your privacy and security is our priority for the reason Anthem, Inc. would like to inform our customers of a recent phishing attack. Unfortunately, we have experienced similar attacks in the past which led many of the employees and customers’ data exposed to hackers. Even though this is a serious matter for the company and the customers it is important for us to make our customers aware that phishing attacks are common and they cause huge losses to both the customers and the companies (Wright et al., 2014). Our most recent attack took place on April 2014 and it affected about 80 million identifiable data stolen via phishing emails. The

Phishing is an attempt to acquire personal information by masquerading as a trustworthy entity through an electronic communication. [ Compl. ¶ 28, ECF No. 1.]

This study conducted a large scale phishing experiment in a university with more than 10,000 subjects. The initial phishing attack involved spoofed email that redirects a user to a website to change their password, both males and females in the experiment were equally deceived. The second part of the attack used a survey to harvest personal information, this found that 61% of the victims were males compared to only 39%

Since our sponsor university is located in Massachusetts, where there is no direct single state law on anti-phishing. It is important to understand legal phishing definition, and laws applicable if University XYZ faces any phishing attack. In this section, apart from explaining federal statute and related punishment for phishing attack, details are given on government agencies that University XYZ can approach for phishing attack investigation.

Social Engineering has become a career for modern day cyber criminals. Thieves are waiting to prey on the vulnerable, and naïve. The situations, as devastating as they are to the victims, are very real. In some cases, unfortunately, the cybercrimes are life-altering and irreparable. This paper will highlight four real-life cases where social engineering techniques were used to obtain personal and corporate information.

Data breach is a topic that plagues the daily news and whether it presents itself in the form of a large company security breach or a case of identity theft in town, people are aware of their surroundings and are cognizant of the danger that hackers pose. Thus, when we are doing things like creating a new account with a website online, we are actively choosing to ignore the potential risks that surround us because creating a complex password and changing it every so often becomes too difficult. Just like Herley’s phishing example that was mentioned earlier in this paper, the time it would take to detect phishing websites and applying our knowledge to help prevent security breaches would help us save less than a dollar per year. I believe that is a risk many are willing to take, especially if it helps make our online experience that much more enjoyable and

Identity theft is one of the growing crimes in the United States due to the fact people do not know how to properly protect themselves against it. Criminals use different methods to acquire the information necessary to steal someone’s identity. Some of the techniques used to commit identity theft are; stealing wallets, acquiring bank information or pilfering through trash to find documents containing PII (FBI, n.d.). Nowadays criminals are able to steal people’s identity using different procedures over the internet without having to compromise their identity. Some of the methods are social engineering, phishing, sending spam messages and malware (OLI, 2013). Criminals use these methods because with the use of technology, identity theft could be accomplished anonymously and without much effort. Also because people lower their guard about securing their personally identifiable information when using the internet, especially when using social networks, they become easy targets to

Social engineering has a history of being used to collect and analyze information, however the information is commonly used for blackmailing reasons. There exist various definitions of social engineering depending on the type of attack that has occurred. Social engineering is described as the ability to deceive someone with the intention of breaching security levels (Shetty, p.1). It involves deceiving through the use of phones, computer or in-person. All that is needed is the information required for one to access the systems. Important evidence such as; computer systems is mostly disposed to to social engineering (Shetty, p.1). Often, social engineering occurs as a consequence of carelessness or gaps in security systems. It mainly

Social engineering refers to the techniques that are used by the criminals to manipulate people to give out their confidential information such as user names, passwords and bank accountants without being aware (Hadnagy, 2011). This technique is used by the criminals over the internet to trick people to disclose their confidential information rather than hacking the software installed on their PC. Social engineering takes different forms and it is perpetrated by the individuals who wants to take advantage of others after getting confidential information that allows them to access their accounts such as email or databases that contain protected information. For instance, a criminal who want to access another person’s email account may send

Bank of America is a multinational banking institute and one of the most trusted in the banking industry. This organizations sole purpose is to protect the customer’s confidentiality and assets by ensuring that data protection is the number one priority; however any organization when holding personal information can be a victim of data breach and BoA is not exempt. One of the largest risks BoA faces today is Mobile Banking. This consumer convenience is used by fifty percent of smart phone owners (Finney, 2014). Phishing is also threat to the banking industry; this strategy by hackers allows the extraction of consumer passwords and other sensitive information. Hackers targeting banking institution employees with convincing e-mails that fool them into clicking on malicious links-which ultimately compromise their credentials or

Phishing attacks are the most common attacks which help the attacker to gain valuable information about the victim. The attacker use some advanced techniques which help them to bypass the Internet service provider email defense systems as well as anti-phishing techniques implemented by email providers. In today’s world, most of the cyber criminals are using spear-phishing attack so that they can install malware on the victim’s machine which can help the attacker to gain long-term access to the victim’s computer and information. Spear Phishing emails can have the attachments in many file formats such as .pdf, .docx, .doc. The file type such as .com or .exe is called executable files which help the attacker to gain access to the victim’s system

The tendency of internet users to instantly assume website credibility, provides even the most unskilled hackers an opportunity to gain unauthorized access to someone’s computer in the world today. Often, malicious or ill-intended websites are designed in such as way that visitors perceive as trustworthy, but in the background are set up as platforms for phishing or to intentionally antagonizing users to get a reaction, also known as internet “trolling”. To the untrained user, the signs of a hoax website are often unclear. However, SomaliCruises.com, a website advertising cruises to Somalia in hopes of being hijacked and fighting Somalian pirates, provides an excellent case study of what a hoax website might look like. Specifically, Somali Cruises uses precise formatting and a friendly tone to make a good initial impression, but reveals its status as a hoax through subtle elements like sketchy advertisements,

The Internet today is used by people of various ages. Although the internet is a great and useful resource, yet internet dangers are around every corner. The use of technology has turned from educational resources or connecting with family across the globe to negative threats. Identity theft, cyberbullying, inappropriate content, sexual predators, and negative reputation are a few of the threats lurking on the internet. In the past years, social media has been immensely popular such as Facebook, Instagram, Snapchat, and WhatsApp. In the beginning of the internet age, the concern of internet safety was to block inappropriate content, but now it also about saving people from being a victim of the dangerous hackers and fake scams. Follow these guidelines to help stay away from these dangerous.

The increasing volume and sophistication of cyber security threats including targeted data theft, phishing scams and other online vulnerabilities demand that we remain vigilant about securing our systems and information.