Phishing is a social engineering activity that lures internet users into clicking or using links on a site, in an email or on other web pages. The cybercriminal pretends to be a trusted entity in order to obtain a target's sensitive information, such as passwords, usernames and credit card numbers, for malicious purposes.
For instance, an attacker can carry out email phishing by sending an email that appears to come from the user's bank. The attacker gains the victim's trust by pretending to be that bank. The email may contain information about some pending account inactivity and say that the user needs to send sensitive details about the account for it to be activated. When the user sends the details, the attacker obtains the bank details and uses them to access the user's bank account.
Phishing attackers use the following techniques, grouped by phishing type, to attack victims (Ramzan, 2010):
This is a phishing attempt directed at a specific target, where the victim can be an individual, an organisation or a company. Attackers gather sensitive or crucial information that will capture the victim's attention when it is sent to them. This technique is the most successful one.
This type of phishing takes advantage of emails that have already been sent to recipients. Attackers take advantage of mails that contain attachments or links. They obtain such a mail, edit it to create an almost identical mail, and send it to the earlier recipient's address. The mail contains malicious content, but the recipient won't realise that it has bad intentions; they think only that the same sender may have sent an updated mail, or sent the mail again to counter a loss in delivery.
This type of phishing targets senior executives and senior heads in an organisation or a business. The attack takes an executive form so that it captures the attention of senior managers or workers. The information sent may be in the form of a customer complaint that lures the senior manager into opening the information or link, hence sending sensitive information to the attacker without realising it.
The phishers use mails or websites to reach their targets. They add links to websites that handle sensitive business activities and embed misspelt URLs that appear correct if the user is not very attentive. The user may click the link and be redirected to a lookalike web page containing almost the same details and information. The user may end up providing login details without realising that they have just been sent to the attacker.
Phishers started using images to evade anti-phishing filters, hiding the text behind the image. Although some techniques have been devised to detect phishing text in images, even when the text is rotated, the phishers continue to attack website and email users.
This is a trick in which attackers provide links that appear legitimate to users. The links may be pop-ups that require users to log in to their sensitive accounts, while the attackers use them to capture sensitive details.
The attackers use voice phishing to attack victims. The phishers can send a fake message containing sensitive information that will capture the victim's attention. The message may be framed as coming from a recognised organisation such as a bank. The victim may be prompted to enter a PIN without realising that the message has a fake source ID. The attacker thereby obtains the user's sensitive details and uses them for malicious activities.
What makes phishing more and more successful is human nature, which is tough to overcome. The phishers take advantage of human nature and post information that will always capture the victim's attention. For instance, the phishers can send a love bug or health advice containing key information that the victim is unlikely to ignore.
While technologists are increasingly devising anti-phishing control measures, the phishers are becoming cleverer. They are using super phishers to hack and spoof information. They can hide phishing links so that they go unnoticed by phishing detectors.
A main factor in the attackers' success is how well they can now keep themselves from being noticed. In earlier days they redirected victims through links to fake sites and prompted them to enter details such as login credentials; currently the victim just clicks a link, which activates rogue code in the background that exploits the victim's computer without the user noticing. This may lead to ransomware being installed on the victim's computer without the victim's consent.
The phishers also take advantage of victims' lack of awareness, especially when the victims do not expect phishers to be interested in their sensitive details.
Tools used by phishers
Phishers have a variety of tools readily available to them that make their attacks a success. These tools can be used to perform various functions such as mail delivery, website spoofing and embedding phishing malware.
The tools used are listed below:
Bots are programs that reside on a computer and provide remote control through various protocols. When many bots are controlled from one control point they form a botnet. Botnets are controlled so that they can be used to attack particular target computers. When a computer becomes a bot, it can be used to send malicious mail, redirect other web browser users to malicious web pages, install additional malware on itself, carry out surveillance of other computers' sensitive details and perform other illicit activities.
Bots can be redistributed through file sharing and mailings.
Phishers have become better prepared through readily available kits, which contain a set of equipment that can be used to perform an attack. A kit contains a set of ready bots, hosting domains that come with an assurance of not being shut down or detected (Roberts, 2004), a list of servers that can be targeted and details of famous sites and organisations that an attacker can use in an attack. Nowadays the developers of these kits don't sell them; in fact they spend time advancing these bots and making newer versions that interested phishers can download for free (Sophos, 2000). The technology needed to perform an attack has been made readily available by the kit providers, hence more attacks continue to happen.
As internet users have become more aware of how to detect phishing code and links, the attackers have turned to trickier ways of performing their attacks. They make counterfeit websites that internet users cannot notice while being redirected.
Phishers wait for internet users to log in to web applications and place themselves as men in the middle. They capture the user's IP address, fake the MAC address and pretend to be the original owner of the authentication credentials. They do this until they have captured all the sensitive details that will help them perform a fraudulent attack without the user's prior knowledge, since they forward the messages to the server on behalf of the owner. They act as the first destination of the sender's signals and as the first receiver of the server's signals being sent to the user.
Phishers have been using domain name service exploits, in which they pretend to be the named URL while the IP address behind it is fake. They do this to gain the user's trust without the user's prior knowledge.
Technologists have made bots that are readily available to the phishers. This malware is designed for spying and illicit operations on the affected computers. The bots can be used to spy on a particular computer's details and send those details to the main control, obtaining sensitive data for malicious gain.
As phishing has become more and more successful and has affected organizations negatively through spear phishing, organizations are increasingly concerned with how to counter the attackers. Spear phishing has been used to perform large cyber-attacks leading to large financial losses in organizations.
Spear phishing has had a negative impact on the affected organizations. For instance, most of the organizations that reported having been attacked have experienced:
For those two main losses, the attackers used malware to obtain authentication details and the organisation's sensitive information.
The attackers have been using emails to gain victims' trust.
The attackers always target finance and IT staff, who hold sensitive details about an organisation's money or authentication credentials.
The main negative impacts of phishing on an organisation are as follows (Van der Merwe, 2005):
Organisations have used various technologies to protect themselves from phishers. The techniques they use are:
Current and Future Trends of Phishing
Currently phishing is becoming more and more prevalent, affecting many organizations and leading to losses. The phishers are cleverer than before. They have devised phishing techniques that cannot be easily noticed. The phishers take advantage of human nature, easily capturing people's attention by gaining their trust. They forge sites and e-commerce accounts in such a way that it is hard for site users to realise that the sites are spoofed. As technology advances, the phishers are devising more and more tricky spam that is hard for anti-phishing software to detect. The speed at which hackers devise new phishing techniques far exceeds that of the technology used to make new phishing control measures (APWG, 2004).
The future of phishing is the hacking of many sites, banks and e-commerce sites without any complexity. This will lead to the collapse of businesses if technologists don't speed up their devising of control measures.
Phishing has taken advantage of research surveys, in which internet users can be tricked into filling in phone or bank details so that the victim's sensitive information is captured.
Other phishers use trick games, which always appear as a pop-up, where the victim is deceived into believing they have won a gift but ends up giving out authentication details for a bank or other financial institution, such as Mastercard.
The following key points reflect the current trends in phishing:
Phishers use social engineering techniques to trick internet users into clicking a link, which activates malicious code that works by finding vulnerabilities. The attackers embed the code in emails and websites that are familiar to users and that contain sensitive information, especially bank and e-commerce details. The phishers write the code in a way that makes it hard for victims to notice. When activated, this code runs in the background of the victim's computer and performs spying activities that can capture the user's usernames and passwords in browsers and emails.
Phishers have been using common infrastructure to attack internet users. They use websites, botnets and mail to host phishing sites and malicious software.
The main trend now is that website hosting companies are ensuring that clients' websites are configured with anti-phishing technologies to prevent phishers from spoofing them. In addition, the law and the government should ensure that the criminals and the hosting companies of phishing sites are taken to court and prosecuted for committing these kinds of crimes.
Phishing Control and Avoidance
For phishing control in organisations, staff should be warned, made aware, trained and given reinforcing messages day to day to counter attackers' techniques (Ramzan, 2010).
Because awareness alone is not enough, web pages and other sites should incorporate anti-phishing programs that can detect phishing links and remove them immediately.
In addition, the organization can filter phishing emails or web pages in the network before they reach the staff.
The best defensive mechanisms against phishing are:
Two-factor authentication can be used, providing users with a hardware token whose code changes after every login. The attacker won't be able to use the credentials, since the details keep changing.
Anti-malware products have been implemented to protect users against suspicious code used by the phishers. These products are kept enabled and updated to provide maximum protection.
The law can be used to suppress hosting sites that send phishing mails or code, so that they are shut down. This should be done in advance, as the phishers keep devising new hosting sites.
Though techniques and measures have been used to counter phishing, the technology should be improved to bring phishing down to zero tolerance. The measures that can be recommended are:
Since phishing is a profitable activity for the attackers, the phishers are becoming more and more intelligent in using technology for profit. Organisations should involve themselves in creating awareness among their staff and the public to counter the phishers. New and advanced technologies are being devised to keep the phishers off. Phishers can cause an organisation to collapse.
Ramzan, Zulfikar. “Phishing Attacks and Countermeasures”. In Stamp, Mark & Stavroulakis, Peter. Handbook of Information and Communication Security. 2010, Springer. ISBN 9783642041174.
Van der Merwe, A.J., Loock, M., Dabrowski, M. (2005). Characteristics and Responsibilities involved in a Phishing Attack. Winter International Symposium on Information and Communication Technologies, January 2005, Cape Town.
Anti-Phishing Working Group. Phishing Activity Trends Report, March, 2017. https://www.antiphishing.org/APWG_Phishing_Activity_Report-March2017.pdf
Anti-Phishing Working Group. Phishing Activity Trends Report, March 2017. Retrieved March 30, 2017 from https://antiphishing.org/APWG_Phishing_Activity_Report_April_2005.pdf
McWilliams, Brian. “Cloaking Device Made for Spammers.” Retrieved March 30, 2017 from https://www.wired.com/news/business/0,1367,60747,00.html.
“Do-it-yourself phishing kits found on the internet, reveals Sophos”. Retrieved March 30, 2017 from https://www.sophos.com/spaminfo/articles/diyphishing.html.