Tuesday, May 5, 2020
Spoof Email Phishing Scams and Fake â⬠Free Samples to Students
Question: Discuss about the Spoof Email Phishing Scams and Fake. Answer: Introduction Phishing also termed as Spoofing is a type of computer crime in which a victim or victims are communicated either through electronic mail, text message, or mobile phone for coaxing the individuals to procure the sensitive information like personal information, banking details, credit card details, and security pin. This information is then utilized to acquire the significant accounts and can leads to monetary theft. The first phishing case was registered against a teenager belonging to California. He imitated the website called America Online and performed the illegitimate access of the users sensitive details like credit card details for withdrawing the money from their own bank accounts. In addition to website and electronic mail phishing, there exists vishing or voice phishing, smishing or SMS phishing, etc. The Anti-Phishing Working Group (APWG) defines phishing as Internet hackers are utilizing the electronic-mail enrapturing to fish for the security pin and monetary information from the sea of Internet users. The phishing attacks can be performed by the following methods illustrated below: The money making offers and attention-grasping emails are created to draw the peoples observation instantly. For example, many scammers assert that you win a lottery, or some other expensive price, iPhone, etc. These types of doubtful emails should not be clicked. One of the preferred strategies used among the hackers is to make you to act as soon as possible. Some of the emails notify that you have only short amount of time to respond (Bright, 2004). When the user receives these types of emails, they should ignore it. Sometimes, the hackers will notify the users that their account will be deleted until the users update their personal information instantly. Most of the legitimate enterprises offer more time before the termination of the user accounts and they do not ask the customers to update the sensitive information over the Internet. The customers must go to the source website directly rather than using the email link to avoid the confusion. The hyperlink looks like the actual URL of the website but the user will be forwarded to some other website or any other famous websites with some mispellings after clicking it. For example, www.bankofarerica.com the m in the actual approved website is misgiven as r. If the user views the unexpected email attachments, it should not be opened. They contain malware information like virus or ransomware. The safer file that can be clicked anytime is a text (.txt) file. If the message received by the user arrives from the trusted or un-trusted persons, and if it contains any usual, unrelated, or suspicious information, this particular message should be deleted. Trojan Horse is a malevolent software or malware that is pretended as the approved legitimate software. The malwares can be uploaded by viruses, or without the awareness of the user, having a line of thought that the software is a utility of an internet browser plug-in. It can also be inaugurated through Internet Relay Chat sites. Most of the phishing attacks utilize the Trojan Horse to induct key loggers for obtaining the users details and the bank account numbers. These type of images contain username, credit card numbers, or passwords that are sent to the phishing attackers. The security holes are present in the web browsers that can easily accomplish the phishing attacks. The hacker incorporates a URL into the e-mail by using the given format: When the user places the mouse cursor over the link, the link appears to be www.legitimatesite.com; But the link navigates to the malicioussite.com, where the counterfeit webpage is provided. This insecurity hole is resolved by the Microsoft, but another security hole can be intruded by the attackers at any time. Malevolent Javascript: According to the Anti-Phishing Working Group, one of the main phishing technique used is employment of the Java scripting for creating hoax browser address or other portion of the browser consolidation called as Chrome. The Javascript changes the address bar, menus, status bar, etc (Festa, 2005). When the user keys in the URL in the address bar, the malevolent software code can forward the users to the fraud web site. The cross-site scripting injects the malevolent codes into the web application. If the login page of the bank web application is not well crafted and is not provided better validation, the malevolent software code can be injected and executed on that web site. An attacker could make the user to use the link for the vulnerable website and draft the web address that his malevolent software code executes on the bank web application. The user will think that he is browsing securely on the bank web application, when the malicious code is executed. Phishing attacks are getting increased and are evolved through various methods ranging from spear phishing to CEO fraudulent. It places the risk to all the users who are having email accounts. The phishing attacks are successful and popular for the following reasons provided below: The lack of extensive training in phishing and other virus attacks is the key reason for the success of these attacks. The research states that 6% of the users never procured the safety recognition training (Gonsalves, 2013). If the employees are given the security awareness training, they can easily detect the phishing attacks and perform the action accordingly. The users should be trained on the scams and malicious emails that they encounter on social media websites. Insufficient Diligent Performance of the Enterprises The firms are not performing enough to suppress the risks related to phishing and malevolent software. The lack of backup processes and the inability to detect the untrained users who need extensive training is another reason for the success of phishing attacks. The lack of strong intrinsic control methods makes the organizations to be affected largely by the CEO process. Most of the cyber criminal firms contain larger funds, which in turn makes them to gain additional expertise in phishing and allows them to perform more difficult phishing attacks. The utilization of the Dark Web has reduced the value of the stolen data and the cost of remittance record is reduced from 25 dollars in 2011 to 6 dollars in 2017, and so the cyber offenders changes their line of focus on innovative ways for earning more money as before (Gray, 2013). Subsequently the offenders discovered a fund source through data owners, where they focus by means of phishing and ransom worm attacks. By scared of data loss, data owners will think more before expending the money to the cyber criminals.ls The phishing tools and ransomware-as-a-service availability provides easy opportunity to the hackers for making an entry into the market and make a competition with experienced criminal firms. Starting the first action of stealing the users information into clicking illegitimate links to the recent CEO fraudulent activities, the skill sets or expertises of the criminals are enhanced. There is a prediction of more type of threats like ransom worms by this year. Importance of handling phishing attacks on organizations Over the past years, there is lavish growth and success of spear phishing threats that provide severe consequences for business organizations. The spear phishing is related with many cyber crimes including the top organizations like JPMorgan Chase Co., Sony, Ebay, Target, etc (Barret, 2007). A survey is conducted by the research organization Vanson Bourne to enquire 300 technology decision makers regarding the organization perspective. Based on the survey, almost 80% of the interviewed decision makers told that spear phishing threats is the enterprise main security concern. According to the IT professionals, spear phishing is a top vulnerability faced by many top organizations today. The survey is primarily performed to collect the organization information based on the overall cyber attacks percentage represented by spear phishing. The 84 percentage of the users responded that their security defending mechanisms are penetrated by the spear phishing over the past 12 months (Jack, 2010). Moreover, 38% cyber attacks are encountered in organizations (Moulds, 2006). These are costlier attacks as the average cost over all organizations attacked by spear phishing threats was 1.6 million dollars. Email is highly prone to the spear phishing attacks. Moreover, 1 in 6 firms is affected by the reduction in their stock price. The phishing was defined as the utilization of scam emails that are designed as original mail from the trusted source like banks, E-commerce sites, or auction websites (Jack, 2010). Recently, the phishing is performed by various new social methods for hacking the sensitive information of the users. For example, there will be an invitation for filling out the survey containing questionnaire on personal information and account information of the users for any other banking websites with cash reward. Then the users will be asked to verify the credit card details stored by the users in the secure website for the purpose of registration. Currently the phishing definition has transformed to carry out several financial cyber crimes. Once the malicious code enters into the physical computer, it uses several techniques to lure on web site communication details and account details. The phishers contain various tools performing many illegal activities given below: Hosting phishing websites Botnets Technical Deception Hijacking of the communication session Exploitation of Domain Name Service (DNS) system Functional Malware There has been distressing increase in the usage of social media as a platform for performing the phishing attacks. In the year 2016, there is 150 percentage increases in the phishing attack on social media (Dworak, 2003). It is also known as angler phishing and involves the hackers having fraud social media accounts, posting popular brands, banks, etc for procuring the unauthorized access to the accounts of the users, users financial details, or other sensitive information. A phishing tactic used in social websites like Facebook and Twitter are the latest examples containing a fraudulent Barclay customer service that lure the users conversations by means of online support. Phishing attacks are the real threats that all organizations should deal with. The cyber criminal firms are utilizing phishing as a threat that incurs with improved frequency and high sophistication level. These attacks are real threats in both the business and in personal lives of the users. The organizations should invest for preventive measures and must contain a quick response plan against the phishing threats. They should provide training to the staff regarding the phishing dangers and actions after encountering these types of attacks. Process for preventing phishing in organizations: Employing a systematic vision and convey it The leadership of an enterprise should employ a systematic vision of protecting and securing the sensitive information properties across users, methods, and various technologies (Hurst, 2014). This vision should be transferred all over the enterprise and are constantly employed. Creating an information administration plan - The enterprises must create an information administration strategy inclusive of the differentiation and administration of the sensitive information. Counterfeit Phishing Attacks - The firms should assume the phishing threats for measuring the efficiency of the training and record the responses. This analysis helps the enterprises to spot the individuals who require intensive training and for identifying the security rules and policies. Create a feedback process By creating the milestone feedback process, which defines the main responsibilities, intrinsic, and extrinsic arrangements throughout the milestone, an enterprise can make the employees to defend various cyber crimes. Moreover, the firm should verify its ideas regularly for ensuring that the employees are able to respond for the cyber attacks and the created process are more efficient. Combating Phishing Attacks using Technology Update Antivirus and Antispyware software regularly Effective administration of applications like add-ons of web browser such as Adobe Flash and Java are the main components for the efficient defence against the cyber crime attacks. An enterprise must make sure that the installed antivirus software, patches of operating systems, and patches of applications are updated for increasing the overall safety and security against the cyber crimes. Incorporate dual factor authentication The enterprises should incorporate dual factor authentication for access of the information from remote location. The dual factor authentication is based on both the password and cell phone that a message is transferred to for obtaining the remote access. For example, if an employee discloses the password without his knowledge, the phishing will not be performed by the attacker since he does not know the second factor (Gelles, 2014). Restrict the system administration admittance of their workstation Most of the employees do not require the system administration access for their desktop computer or laptops. Therefore, by restricting the administration entrance to those employees, they will be able to complete their jobs and the execution of the phishing attack through malware codes can be avoided. Conclusion: The phishing attacks impose severe threats to the users and the organizations dealt by them. The online scams are increasing substantially and the complicated methods are employed by the attackers for injecting the phishing attacks and malwares. There are no magical ways to keep these threats away. The users should be extensively given training on these online threats. The organizations should ensure that the online fraudulent and other scams are reported by their consumers. The security organization should find possible solutions to safeguard the emails and E-commerce websites. References: Bright, M. (2004, February 12). Spoof Email Phishing Scams and Fake Web Pages or Sites. Retrieved from https://www.millersmiles.co.uk/identitytheft/gonephishing.htm. Gelles, J. (2014, March 27). Consumer Watch: Phishing Scams Continue to Bite. Retrieved from https://www.philly.com/mld/philly/business/columnists Hurst, P. (2014, February 2). Millions at Risk from Cyber Phishing Gangs. Retrieved from https://www.crime-research.org/news/29.02.2004/95 Dvorak, J. (2013, April 5). Gone Phishing. Scams for Personal Information Are Getting Worse. Retrieved from https://abcnews.go.com/sections/ Jack, R. (2010, April 6). Online Phishing Uses New Bait. Retrieved from https://www.vnunet.com/News/1154101. Moulds, R. (2006, March 29). Whose Site is it Anyway?. Retrieved from https://www.net-security.org/article.php?id=669. Barrett, J. (2007, April 15). Phishing Fallout. Retrieved from https://msnbc.msn.com/id/4741306/. Gray, P. (2003, December 10). IE Bug Provides Phishing Tool. Retrieved from https://news.zdnet.co.uk/internet/security/0,39020375,39118421,00.htm Gonsalves, A. (2013, January 16). Latest Trojan Phishing for Personal Data. Retrieved from https://www.techweb.com/wire/story/TWB20040116S0007 Festa, P. (2005, December 10). IE Bug Lets Fake Sites Look Real. Retrieved from https://news.com.com/2100-7355-5119440.html?tag=nl.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment