PHISHING ATTACKS
TABLE OF CONTENTS
INTRODUCTION
BODY OF THE PAPER
CONCLUSION
REFERENCES
INTRODUCTION
The term phishing is widely used for a cyber-attack in which criminals use spoofing over the internet to steal important and confidential information from a person or organization. They send emails posing as trusted brands or organizations, such as banks or government departments, and either ask the recipient to share personal information or attach malware. When the person opens the attached document, the malware encrypts the computer and all the details stored on it are delivered directly to the criminals. Instead of targeting the systems people use, these criminals target the people using the systems. The cyber criminals are clever enough that no matter how strong the organization's software security is, how many firewalls are installed, what encryption is used or whether two-factor authentication is required, if the person sitting at the computer falls for the phish, all the data can be leaked easily. In the past, such spam mails have stolen confidential data from people in the private and public sectors, threatened national security and caused other damage. With advances in technology, phishing attacks have also widened their range, shifting from spam mail alone to instant messaging, social networking sites, multi-layered games and VoIP calls. In 2006, Jakobsson and Myers gave a general account of phishing: how it works, what its motives are and what preliminary actions could be taken at that time to protect against or avoid phishing attacks (Hong, 2012).
As dependency on the internet and technology has increased, people have become easy targets of phishing attacks. The spam email always leads the user to a site where they have to enter their personal information. The hacker's rationale for extracting as much personal information as possible is to hack the system and reach the person's confidential details. These spam mails are sent to a large number of people, and the hacker keeps a keen note of how many people have read the mail and how many of those have entered information. It is very difficult to distinguish spam mails and malicious sites from genuine ones. According to data released in 2015 by the Anti-Phishing Working Group (APWG), almost 630,494 phishing sites exist. The top two countries with the maximum number of phishing sites are the USA (76.8%) and Belize (81.3%) (Suganya, 2016). According to researchers, humans are the most fragile link in the whole system, although a person's security depends solely on the type of self-protection that person follows. However, in many cases it has been seen that people are ready to disclose their personal information in exchange for money. This practice mostly lands them in the net of phishing, where they lose all their confidential details. So it is very important to practise a safe internet culture, and it has been seen that most people are very much concerned about how they use the internet and about their information (Nguyen, Rosoff & John, 2017).
Description of Problem Associated with Phishing
The problem of phishing lies mostly with people who use the internet with little or no knowledge of it, and hackers use precisely this as the weapon to hack a system. Through thorough investigation, researchers have settled on three preliminary terms to describe the way a phishing attack takes place: the lure, the hook and the catch.
The Lure: This is an email that looks almost exactly like an official email from a government office or a trusted institution. The email always contains a link leading to a website, and that link is actually an obfuscated URL of a malicious site.
The Hook: The hook is the malicious site, which imitates the original site of the legitimate organization. The person, or phish, who is unaware of this will enter their confidential information.
The Catch: The last step performed by the phisher is the catch, where he uses the confidential information of the phish to hack the system.
People become easy victims of phishing for the following reasons:
The email IDs used by phishers can imitate those of someone the person knows.
The hidden URLs in the email.
They often use logos, images and trademarks that in reality belong to the original organization. It is important for people to understand that these things can easily be copied from the internet.
Most of the emails we receive from an unknown person or organization carry a message stating “do not click on this link it is not from the trusted sender”, but it is common practice to give such messages no importance (Chaudhry, Chaudhry & Rittenhouse, 2016).
According to a report from Metzger et al., people in the 18-25 age group are the most likely to become victims of phishing, as they trust all the information that comes their way through the internet. Older people, however, are less prone to phishing attacks because of the knowledge they have, their greater concern for their confidential information and financial security, and any past experience of their own. There is still some disagreement on this issue in the studies performed by other researchers (Gavett et al., 2017).
Protection from Phishing
Having analyzed the problems that lead a person to become a victim of phishing, it is now important to understand how one can protect oneself from it. Here are three main points that one should always keep in mind while accessing the internet.
Be Invisible: This is the first line of defense a person can follow while using the internet, and it can be performed in three ways: 1) filtration: certain tools available online can help filter spam emails or phishing sites. The first phishing email filter was developed by Fette et al. and has the potential to identify phishing emails and different domain names with special URLs. Other than this, DomainKeys Identified Mail (DKIM) and Simple Mail Transfer Protocol (SMTP) are both special technologies for identifying forged domains and spam emails, and can be used extensively.
Use of Sophisticated Interfaces: This is the second line of defense, where a user should always pay special attention to the warnings that appear on the screen as a dialogue box. These warnings are divided into passive warnings and active warnings. A passive warning does not appear on the screen and is not an effective way to eliminate the threat. Active warnings appear as a dialogue box on the screen at certain times while using the internet. Most of the time, however, the user ignores the warning completely, either being unaware of what it is or thinking of it as a disturbance. Several big organizations use either SiteKey or two-factor authentication, where the people in the organization use a two-way security system to log in to the internet.
Training: This is the third line of defence. It is the least likely to be adopted and the least popular among people, though it is considered very important to have up-to-date knowledge about phishing sites. Two popular training programs have been developed in this area. Sheng et al. developed an Anti-Phishing game, a micro game for learning about phishing sites. The learner plays a game in which they are made aware of phishing domains, URLs and emails, and is then tested with small tests during the game. The second training program was developed by Kumaraguru et al., in which the trainees were exposed to several malware sites or emails. A trainee who falls for any of these is then trained on how to recognize such malware sites and emails (Hong, 2012).
CONCLUSION
The present essay has focused on phishing attacks, a cyber-crime operated by cyber criminals. They extract the confidential information of a person and of the system for their own benefit. These phishers always use the name of a legitimate organization so that people do not doubt them and become easy prey. The increased use of technology, and dependency on it, has made it easy for phishers to commit such crimes. They always send spam mails or use a social network platform to target as many people as they can. They always keep a keen check on the people entering information on these sites in order to find potential targets. The root of the problem always lies in the ignorance, lack of knowledge and trust of the phish. Protecting confidential data from falling into unsafe hands requires certain practices to be followed: using authenticated sites and technologies that make you invisible to such phishers, going for training where one can learn how to recognize this malware, and using a protected interface of the kind normally used by big organizations to protect their data.
REFERENCES
Hong, J. (2012). The state of phishing attacks. Communications Of The ACM, 55(1), 74. http://dx.doi.org/10.1145/2063176.2063197
Suganya, V. (2016). A Review on Phishing Attacks and Various Anti Phishing Techniques. International Journal Of Computer Applications, 139(1), 20-23. http://dx.doi.org/10.5120/ijca2016909084
Nguyen, K., Rosoff, H., & John, R. (2017). Valuing information security from a phishing attack. Journal Of Cybersecurity. http://dx.doi.org/10.1093/cybsec/tyx006
Chaudhry, J., Chaudhry, S., & Rittenhouse, R. (2016). Phishing Attacks and Defenses. International Journal Of Security And Its Applications, 10(1), 247-256. http://dx.doi.org/10.14257/ijsia.2016.10.1.23
Gavett, B., Zhao, R., John, S., Bussell, C., Roberts, J., & Yue, C. (2017). Phishing suspiciousness in older and younger adults: The role of executive functioning. PLOS ONE, 12(2), e0171620. http://dx.doi.org/10.1371/journal.pone.0171620