
Phishing Is A Social Engineering


Question:

What is phishing as a form of social engineering?
 
 

Answer :

Introduction

Phishing is a social engineering activity that lures internet users into clicking links in websites, emails or other web pages. Cybercriminals use it to obtain a target's sensitive information, such as passwords, usernames and credit card numbers, for malicious purposes by pretending to be a trusted entity.

For instance, an attacker can carry out email phishing by sending an email that appears to come from the user's bank. The attacker gains the victim's trust by pretending to be that bank. The email may claim that the account is inactive and that the user needs to send sensitive account details to have it reactivated. When the user sends the details, the attacker obtains them and uses them to access the user's bank account.

Phishing Techniques

Phishing attackers use the following techniques against their victims (Ramzan, 2010):

  • Spear phishing

This is a phishing attempt directed at a specific target, which can be an individual, an organisation or a company. Attackers gather sensitive or crucial information about the target so that the message will hold the victim's attention when it is sent. This technique is the most successful one.

  • Clone phishing

This type of phishing takes advantage of emails that have already been sent to recipients, in particular emails that contain attachments or links. The attackers obtain such an email, edit it to create an almost identical copy, and send it to the earlier recipient's address. The copy contains malicious content, but the recipient does not realise that it has bad intent; they assume that the same sender has sent an updated email, or has resent it in case the first was not delivered.

  • Whaling

This type of phishing targets senior executives and senior heads of an organisation or business. The attack takes an executive-style form designed to capture the attention of senior managers or workers. The message may be presented as a customer complaint form that lures the senior manager into opening it or its link, and so sending sensitive information to the attacker without realising it.

 
  • Link manipulation

Phishers use emails or websites to reach their targets. They add links that point to websites handling sensitive business activities and embed misspelt URLs that appear correct unless the user looks closely. The user may click the link and be redirected to a lookalike web page containing almost the same information. The user may end up providing login details without realising that they have just been sent to the attacker.

  • Filter evasion

Phishers started using images to evade anti-phishing filters, hiding the text in an image. Although techniques have been devised to detect phishing text in images, even when the text is rotated, phishers continue to attack website and email users.

  • Website forgery

The phishers get into a website in order to spoof it. Once in the site, they use JavaScript to lure users into triggering commands while, in the background, they change the address bar without the user noticing. The user may end up being redirected to another web page that looks the same as the earlier one. The user may be prompted to log in, especially if the page is a web application and the attacker wants the victim's login credentials. Attackers favour sites such as banking web applications, and PayPal was once attacked.

  • Covert redirect

This is a trick in which attackers provide links that appear legitimate to users. The links may be pop-ups that require users to log in to their sensitive accounts, while the attackers use them to capture sensitive details.

  • Phone phishing

Attackers use voice phishing to attack victims. The phishers can send a fake message containing sensitive information that captures the victim's attention. The message may be framed as coming from a recognised organisation such as a bank. The victim may be prompted to enter a PIN without realising that the message has a fake source ID. The attacker thus obtains the user's sensitive details and uses them for malicious activities.

Phishing Success

Phishing keeps becoming more successful because of human nature, which is tough to overcome. Phishers take advantage of human nature and post information that will always capture the victim's attention. For instance, phishers can send a love bug or health advice containing key information that is hard for the victim to ignore.

While technologists are increasingly devising anti-phishing control measures, phishers are becoming cleverer. They use super phishers to hack and spoof information, and they can hide phishing links so that they go unnoticed by phishing detectors.

The attackers' main success lies in how well they can now keep themselves from being noticed. In earlier days they redirected victims through links to fake sites and prompted them to enter details such as login credentials; now the victim just clicks a link, which activates rogue code in the background that exploits the victim's computer without the user noticing. This may lead to ransomware being installed on the victim's computer without the victim's consent.

Phishers also take advantage of victims' lack of awareness, especially when victims do not expect phishers to be interested in their sensitive details.

Tools used by phishers

Phishers have a variety of tools readily available that make their attacks succeed. These tools perform functions such as mail delivery, website spoofing and embedding phishing malware.

The tools used are listed below:

  • Botnets

Bots are programs that reside on a computer and provide remote control through various protocols. When many bots are controlled from a single controller, they form a botnet. Botnets can be directed to attack particular target computers. Once a computer becomes a bot, it can be used to send malicious email, redirect other web users to malicious web pages, install additional malware on itself, spy on sensitive details on other computers, and carry out other illicit activities.

Bots can be distributed through file sharing and email.

  • Phishing kits

Phishers have become better prepared through readily available kits, which contain a set of tools for performing an attack. A kit contains ready-made bots, hosting domains that are assured not to be shut down or detected (Roberts, 2004), a list of servers that can be targeted, and details of well-known sites and organisations that an attacker can use. Nowadays the developers of these kits do not sell them; instead they spend time improving the bots and releasing newer versions that interested phishers can download for free (Sophos, 2000). Because kit providers have made the technology needed for an attack readily available, more attacks continue to happen.

  • Technical deceit

As internet users have become more aware of how to detect phishing code and links, attackers have turned to trickier ways of performing their attacks. They build counterfeit websites that internet users do not notice when they are redirected.

  • Session hijack

Phishers wait for internet users to log in to web applications and then become men in the middle. They capture the user's IP address, fake the MAC address, and pretend to be the original owner of the authentication credentials. They continue until they have captured all the sensitive details that will help them commit fraud without the user's knowledge, since they forward messages to the server on the owner's behalf. They act as the first destination of the sender's traffic and as the first receiver of the server's traffic being sent to the user.

  • Abuse of Domain Name Service (DNS)

Phishers exploit the Domain Name Service by pretending to be the named URL while the IP address behind it is fake. They do this to gain the user's trust without the user's knowledge.

 
  • Phishing specialized malware

Technologists have made bots that are readily available to phishers. This malware is designed for spying and illicit operations across the affected computers. The bots can spy on a computer's details and send them to the main controller, obtaining sensitive data for malicious gain.

Organisation Concerns

As phishing has become more and more successful and has affected organisations negatively through spear phishing, organisations are increasingly concerned with how to counter the attackers. Spear phishing has been used to carry out large cyber-attacks, leading to large financial losses in organisations.

Spear phishing has had a negative impact on the affected organisations. For instance, most organisations that reported being attacked experienced:

  • Big money loss
  • Decrease in stock sales

In both of these main losses, the attackers used malware to obtain authentication details and the organisation's sensitive information.

The attackers have been using emails to gain victims' trust.

The attackers always target finance and IT staff, who hold sensitive details about money or the organisation's authentication credentials.

The main negative impacts of phishing on an organisation are as follows (Van der Merwe, 2005):

  • Decreased employee productivity
  • Financial losses
  • Organisation reputation damage
  • Decreased stock prices

Organisations have used various technologies to protect themselves from phishers. The techniques they use are:

  • Secure email gateway
  • Secure web pages gateway
  • URL filtering
  • Data leak protection
  • File solution sandboxing

Current and Future Trends of Phishing

Currently phishing is becoming more and more prevalent, affecting many organisations and leading to losses. Phishers are cleverer than before and have devised techniques that are not easily noticed. They take advantage of human nature, easily capturing people's attention by gaining their trust. They forge sites and e-commerce accounts in such a way that users find it hard to realise the sites are spoofed. As technology advances, phishers devise ever trickier spam that is hard for anti-phishing software to detect. The speed at which hackers devise new phishing techniques far exceeds the speed at which new phishing control measures are developed (APWG, 2004).

The future of phishing is the hacking of many sites, banks and e-commerce sites without any complexity. This will lead to the collapse of businesses if technologists do not speed up the development of control measures.

Phishing has also taken advantage of research surveys, in which internet users are tricked into filling in phone or bank details so that the victim's sensitive information is captured.

Other phishers use trick games that appear as pop-ups: the victim is deceived into believing they have won a gift, but ends up handing over authentication details for a bank or other financial institution, such as MasterCard.

The following key points reflect the current trends in phishing:

  • Social engineering components

Phishers use social engineering techniques to trick internet users into clicking a link that activates malicious code, which works by finding vulnerabilities. The attackers embed the code in emails and websites that are familiar to users and that handle sensitive information, especially bank and e-commerce details. The code is written so that it is hard for victims to notice. When activated, it runs in the background on the victim's computer and performs spying activities that can capture usernames and passwords from browsers and email.

 
  • Common tools and infrastructure

Phishers have been using common infrastructure to attack internet users. They use websites, botnets and email to host phishing sites and malicious software.

  • The big idea

The main trend now is that website hosting companies are ensuring that clients' websites are configured with anti-phishing technologies to prevent phishers from spoofing them. In addition, the law and the government should ensure that the criminals, and the companies hosting phishing sites, are taken to court and prosecuted for committing these kinds of crimes.

Phishing Control and Avoidance

For phishing control in organisations, staff should be warned, made aware, trained and given reinforcing messages day to day to counter attackers' techniques (Ramzan, 2010).

  • Awareness and education

Awareness alone is not enough; web pages and other sites should also incorporate anti-phishing programs that detect phishing links and remove them immediately.

In addition, the organisation can filter phishing emails or web pages in the network before they reach staff.

The best defensive practices against phishing are:

  • If a link sent to your email asks you to send your login credentials, treat the email as spam and ignore it.
  • If an email is suspected to be a scam, read it carefully between the lines and do not click any link in it. You can inspect the link by typing it into your browser to see what it contains, but do not click it in your email.

 

  • Strong authentication practices

Two-factor authentication can provide users with a hardware token whose code changes after every login. The attacker will not be able to reuse the credentials, since the details keep changing.

  • Virus, spyware and spam prevention

Anti-malware products have been deployed to protect users against suspicious code used by phishers. These products are kept enabled and up to date to provide maximum protection.

  • Targeting hosting sites

The law can be used to act against hosting sites that send phishing emails or code so that they are shut down. This should be done ahead of time, as phishers keep setting up new hosting sites.

Recommendation

Although techniques and measures exist to counter phishing, the technology should be improved to bring phishing down to zero tolerance. The recommended measures are:

  • Continued awareness and education for the public and staff about phishers and the new techniques they use.
  • The organisation should have foresight about which information on its sites or in its emails might be at risk. This helps to close any vulnerability that phishers could use to attack the sites.
 

Conclusion

Since phishing is a profitable activity for attackers, phishers are becoming more and more intelligent in using technology for profit. Organisations should create awareness among their staff and the public to counter phishers. New and advanced technologies are being devised to keep phishers out. Phishing can lead to an organisation's collapse.

 

References

Ramzan, Zulfikar. “Phishing Attacks and Countermeasures”. In Stamp, Mark & Stavroulakis, Peter. Handbook of Information and Communication Security. 2010, Springer. ISBN 9783642041174.

Van der Merwe, A.J., Loock, M., Dabrowski, M. (2005). Characteristics and Responsibilities Involved in a Phishing Attack. Winter International Symposium on Information and Communication Technologies, January 2005, Cape Town.

Anti-Phishing Working Group. Phishing Activity Trends Report, March 2017. https://www.antiphishing.org/APWG_Phishing_Activity_Report-March2017.pdf

Anti-Phishing Working Group. Phishing Activity Trends Report, March 2017. Retrieved March 30, 2017 from https://antiphishing.org/APWG_Phishing_Activity_Report_April_2005.pdf

McWilliams, Brian. “Cloaking Device Made for Spammers.” Retrieved March 30, 2017 from https://www.wired.com/news/business/0,1367,60747,00.html.  

“Do-it-yourself phishing kits found on the internet, reveals Sophos”. Retrieved March 30, 2017 from https://www.sophos.com/spaminfo/articles/diyphishing.html.
