Phishing
In today’s world all people are vulnerable to security issues that can affect their personal finances or even worse their identity. There are many different types of security issues and concerns. Phishing is an e-mail fraud method in which the perpetrator sends out very realistic emails in an attempt to gather personal and financial information form recipients. The emails appear legit and are usually from other web sites that are trustworthy (Hong, 2012). The following report explains the security issues of Phishing and what companies are doing to protect themselves. Followed by the government’s current plan of attack against phishing, and in closing, the researchers own interpretation of Phishing.
Email Phishing Scams: Don't Get Hooked!
Email is a low cost and low risk method for cybercriminals to find and exploit their victims. Some estimates say that it is common for a single Phishing message to be sent to millions of email addresses, and even with a small percentage of recipients clicking on a malicious link or attachment, a cybercriminal can earn large sums of money from their exploit. Look over the following examples of typical Phishing attacks to become familiar with them and to better prepare yourself to spot an attack when it arrives in your inbox.Do not get hooked on these scams:
Banking Scam:
If you receive an email from what looks like a reputable financial institution with a warning of some issue with your account and the message requests that you click on a link or open an attachment, do not click/open. Banks may issue alerts via email but they will not send unsolicited attachments. And although the bank may include a link for convenience, it is far safer to log directly into your financial institution's website to see if there's any indication of a problem. If directly logging in is a problem, then call your bank to ask for help.Jury Scam:
If you receive a message from someone claiming to represent law enforcement and the message claims that you owe money because you failed to appear for jury duty, do not respond to the message. Rather make direct contact with your local authorities to confirm the accuracy of the claim.Free Gift Scam:
If you receive a message informing you that you have won a prize, but before you can claim it you must send cash, this is a scam. You should never have to pay money to claim a prize. Keep in mind that anything too good to be true is not true.Tax Scam:
If you receive a message from someone claiming to represent a tax authority informing you that you owe the government money, do not respond. Tax authorities do not contact you via email to settle outstanding tax payments.Deployment Scam:
If you receive an email from someone stationed overseas who needs your bank account information to store funds for safekeeping, delete the message. This is a common ploy by criminals to steal your banking information.Your Credit Card Has Been Deactivated Scam:
If you receive an email warning you that your card has been deactivated, and in order to reactive it, you must provide them with your account information, do not respond. If you truly believe that your credit card is, or could be, deactivated, call your credit card company for assistance.Debt Collector Scam:
If you receive a message from someone claiming you are in default of a loan, don't rely on the information in the message. Directly contact your loan company to check status and to make them aware of the email message you received.Background Check Scam:
If you receive a message stating that you are the subject of a background check and that you need to provide personal information to verify who you are, do not respond. The sender is likely phishing for your personally identifiable information.Nigerian or 419 Scam:
If you get a message from someone claiming to have access to a large sum of money and they need your help to claim it, beware. This is one of the oldest and most common scams. The scam typically involves promising the victim a significant share of the money and all the victim needs to do is send a small upfront payment to obtain their portion. Once the money is received, the requests for additional payments keep coming or the criminal simply disappears.Types of Phishing
There are different terms used when phishing that goes along with the topic on hand. “Spearfishing”, “Whaling”, “watering hole” and “social phishing” are just to name a few. The main purpose of a spear phishing attack is to steal highly important and profound information, while ordinary phishing purpose is to get financial intel that usually causes serious security breaches that could seriously damage the victim(Heimerl, 2012).The use of social networks is strategic for a social engineering attack because users usually trust user’s profile, messages, and related content without paying the necessary attention. Most of the time, the messages ask the victims to watch a video, view a photo, or play a new game. Once the link is opened a malware attack is unleashed. The watering hole is a technique used when a phisher or attacker profiles the victims. They typically know what type of websites the victims use and see what web site they can compromise. Then the attacker will wait for the perfect moment leading them to the watering hole. Once there, the attacker gets their information just like an aggressive animal would at a watering hole that is waiting for the prey to stop and drink. Whaling is the same as phishing but it is used to bring in the big fish. Whaling is very similar and has the same practices of spear phishing. Most of the time, the body of the message sent and is designed for upper management and reports some kind of fake company-wide concern or high confidential information(INFOSEC Institute, 2012).Limitations of Security on Phishing
The security on Phishing does have some limitations with systems being compromised, fraudsters consistently trying every effort to break in to people’s businesses and the government’s databases. The chance of being attacked will always be relevant. How do we prevent this from happening? Even JPMorgan was a victim. The attack was referred to as a smash and grab. And just like that, JPMorgan and its customers were overloaded with an astonishing amount of emails that told them to click on the link provided. This link supposedly had a secure message from JPMorgan. The users who did click the link were enticed by a legitimate screen shot from a previous JPMorgan email(Damouni, 2014).
Businesses and people will continue to fall victim, because of phishers purposely abuse the less fortunate. The victims fall in the trap of the unknowing of interfaces that do not give away the proper signals for measuring the honesty of email messages and web sites. Furthermore, an unfathomable understanding of end-user motivations, beliefs, and mental models is essential for the security community to build effective countermeasures (Hong, 2012).
To prevent such attacks one should be aware of spam
and take serious caution when asked for financial
information. Never click on unfamiliar links, emails, or
download information from unknown sources. When
performing online purchases the https has to be located
at the top web address. Beware of pop-ups and never put
personal information in the pop-ups(INFOSEC Institute,
2012). Stay clear of the bad sites and consider limiting
access to payment types from mobile devices. These
laptops and systems based in home offices tend to be
more likely to be a victim. Keep regular scans and
updates. Always communicate with employees and
co-workers, don’t forget the human touch. Take caution
with anything suspicious in emails and web sites
(Heimerl, 2012).