PHISHING LITERATURE REVIEW
Abstract
Since the beginning of the internet, online attacks have increased, and among them the most popular is phishing. Phishing is an online security attack in which the hacker aims to obtain sensitive information such as passwords and credit card information from users by making them believe that what they see is what it appears to be. It combines social engineering and technical methods to convince users to reveal their personal data. This paper discusses the phishing social engineering attack theoretically and the issues it causes in people's lives. The paper also presents different techniques to detect these attacks so that they can be dealt with easily if one occurs. It gives a thorough survey of various phishing attacks along with their preventive measures.
1. Introduction
Phishing can be compared with fishing in a lake: instead of trying to capture fish, the phisher's goal is to steal your personal information. Phishing is one of the easiest forms of cyber-attack for a criminal to carry out, and it can provide crucial information about an individual, such as passwords, account numbers, and credit card details.
Phishing is a serious problem in the progressively limitless service of the internet. There are many ways to trick people into disclosing information using social engineering attacks. It can take the form of spam email, fake
Social engineering has caused many problems for different organizations. Because of social engineering, many businesses have to take extra steps to protect themselves and their information from being hacked. According to Bidgoli, social engineering is a type of attack that takes over the power of human aspects in order to trick the public into declaring confidential information (MIS 7, 2017). This hacking technique has obtained the attention of numerous organizations, businesses, and governments worldwide.
As valued customers of Anthem, Inc., we believe it is important to keep each one of you informed of any incident that might affect your business with us. Your privacy and security are our priority, and for that reason Anthem, Inc. would like to inform our customers of a recent phishing attack. Unfortunately, we have experienced similar attacks in the past, which led to many employees' and customers' data being exposed to hackers. Even though this is a serious matter for the company and the customers, it is important for us to make our customers aware that phishing attacks are common and that they cause huge losses to both the customers and the companies (Wright et al., 2014). Our most recent attack took place in April 2014 and it affected about 80 million identifiable data stolen via phishing emails. The
Phishing is an attempt to acquire personal information by masquerading as a trustworthy entity through an electronic communication. [Compl. ¶ 28, ECF No. 1.]
This study conducted a large-scale phishing experiment in a university with more than 10,000 subjects. The initial phishing attack involved a spoofed email that redirects a user to a website to change their password; both males and females in the experiment were equally deceived. The second part of the attack used a survey to harvest personal information; this found that 61% of the victims were males compared to only 39%
Since our sponsor university is located in Massachusetts, where there is no direct single state law on anti-phishing, it is important to understand the legal definition of phishing and the laws applicable if University XYZ faces a phishing attack. In this section, apart from explaining the federal statute and the related punishment for phishing attacks, details are given on government agencies that University XYZ can approach for a phishing attack investigation.
Social engineering has become a career for modern-day cyber criminals. Thieves are waiting to prey on the vulnerable and naïve. The situations, as devastating as they are to the victims, are very real. In some cases, unfortunately, the cybercrimes are life-altering and irreparable. This paper will highlight four real-life cases where social engineering techniques were used to obtain personal and corporate information.
Data breach is a topic that plagues the daily news, and whether it presents itself in the form of a large company security breach or a case of identity theft in town, people are aware of their surroundings and are cognizant of the danger that hackers pose. Thus, when we are doing things like creating a new account with a website online, we are actively choosing to ignore the potential risks that surround us because creating a complex password and changing it every so often becomes too difficult. Just like Herley’s phishing example that was mentioned earlier in this paper, the time it would take to detect phishing websites and apply our knowledge to help prevent security breaches would help us save less than a dollar per year. I believe that is a risk many are willing to take, especially if it helps make our online experience that much more enjoyable and
Identity theft is one of the growing crimes in the United States because people do not know how to properly protect themselves against it. Criminals use different methods to acquire the information necessary to steal someone’s identity. Some of the techniques used to commit identity theft are stealing wallets, acquiring bank information, or pilfering through trash to find documents containing PII (FBI, n.d.). Nowadays criminals are able to steal people’s identities using different procedures over the internet without having to compromise their own identity. Some of the methods are social engineering, phishing, sending spam messages, and malware (OLI, 2013). Criminals use these methods because, with the use of technology, identity theft can be accomplished anonymously and without much effort. Also, because people lower their guard about securing their personally identifiable information when using the internet, especially when using social networks, they become easy targets to
Social engineering has a history of being used to collect and analyze information; however, the information is commonly used for blackmailing reasons. There exist various definitions of social engineering depending on the type of attack that has occurred. Social engineering is described as the ability to deceive someone with the intention of breaching security levels (Shetty, p.1). It involves deceiving through the use of phones, computers, or in person. All that is needed is the information required for one to access the systems. Important evidence, such as computer systems, is mostly disposed to social engineering (Shetty, p.1). Often, social engineering occurs as a consequence of carelessness or gaps in security systems. It mainly
Social engineering refers to the techniques that criminals use to manipulate people into giving out their confidential information, such as user names, passwords, and bank accounts, without being aware of it (Hadnagy, 2011). Criminals use this technique over the internet to trick people into disclosing their confidential information rather than hacking the software installed on their PC. Social engineering takes different forms, and it is perpetrated by individuals who want to take advantage of others after getting confidential information that allows them to access their accounts, such as email or databases that contain protected information. For instance, a criminal who wants to access another person’s email account may send
Bank of America is a multinational banking institution and one of the most trusted in the banking industry. This organization's sole purpose is to protect the customer’s confidentiality and assets by ensuring that data protection is the number one priority; however, any organization holding personal information can be a victim of a data breach, and BoA is not exempt. One of the largest risks BoA faces today is mobile banking. This consumer convenience is used by fifty percent of smartphone owners (Finney, 2014). Phishing is also a threat to the banking industry; this strategy allows hackers to extract consumer passwords and other sensitive information. Hackers target banking institution employees with convincing e-mails that fool them into clicking on malicious links, which ultimately compromise their credentials or
Phishing attacks are the most common attacks that help the attacker gain valuable information about the victim. Attackers use advanced techniques that help them bypass the Internet service provider's email defense systems as well as the anti-phishing techniques implemented by email providers. In today’s world, most cyber criminals use spear-phishing attacks so that they can install malware on the victim’s machine, which can give the attacker long-term access to the victim’s computer and information. Spear-phishing emails can carry attachments in many file formats, such as .pdf, .docx, and .doc. File types such as .com or .exe are called executable files, which help the attacker gain access to the victim’s system
The tendency of internet users to instantly assume website credibility gives even the most unskilled hackers an opportunity to gain unauthorized access to someone’s computer in the world today. Often, malicious or ill-intended websites are designed in such a way that visitors perceive them as trustworthy, but in the background they are set up as platforms for phishing or to intentionally antagonize users to get a reaction, also known as internet “trolling”. To the untrained user, the signs of a hoax website are often unclear. However, SomaliCruises.com, a website advertising cruises to Somalia in hopes of being hijacked and fighting Somalian pirates, provides an excellent case study of what a hoax website might look like. Specifically, Somali Cruises uses precise formatting and a friendly tone to make a good initial impression, but reveals its status as a hoax through subtle elements like sketchy advertisements,
The internet today is used by people of various ages. Although the internet is a great and useful resource, internet dangers are around every corner. The use of technology has turned from educational resources or connecting with family across the globe to negative threats. Identity theft, cyberbullying, inappropriate content, sexual predators, and negative reputation are a few of the threats lurking on the internet. In the past years, social media such as Facebook, Instagram, Snapchat, and WhatsApp has been immensely popular. In the beginning of the internet age, the concern of internet safety was to block inappropriate content, but now it is also about saving people from becoming victims of dangerous hackers and fake scams. Follow these guidelines to help stay away from these dangers.
The increasing volume and sophistication of cyber security threats including targeted data theft, phishing scams and other online vulnerabilities demand that we remain vigilant about securing our systems and information.