Phishing Attack: Raising Awareness and Protection Techniques

2022 ◽  
Author(s):  
Sotonye Kalio

Phishing is a form of social engineering attack that can be used to steal sensitive and vital information and details from unsuspecting entities, which could be either organizations or individuals. This paper gives a review of how phishing attacks are carried out, the protection techniques involved in defending against such attacks, and how to raise awareness about such attacks at Bournemouth University using the MINDSPACE framework. The protection techniques are classified into three layers, namely: automated tools, training and knowledge, and multifactor authentication. The awareness was raised using the MINDSPACE framework, and it revealed that about 50% of the students approached were ignorant of the phishing attack and the tactics used to carry the attack out.

Author(s):  
Indranil Bose

Phishing is a new form of online crime where the unsuspecting user is tricked into revealing his/her personal information. It is usually conducted using social engineering or technical deceit–based methods. The various ways in which phishing can take place are described in this chapter. This is followed by a description of key strategies that can be adopted for protection of end users and organizations. The end user protection strategies include desktop protection agents, password management tools, secure e-mail, simple and trusted browser setting, and digital signature. Among corporate protection strategies are such measures as e-mail personalization, mail server authentication, monitoring transaction logs, detecting unusual downloading activities, token based and multifactor authentication, domain monitoring, and Web poisoning. Some of the commercially available and popular anti-phishing products are also described in this chapter.


2021 ◽  
Vol 1 (13) ◽  
pp. 6-15
Author(s):  
Yuriy Yakymenko ◽  
Dmytro Rabchun ◽  
Mykhailo Zaporozhchenko

As the number and percentage of phishing attacks on company employees and regular users have tended to increase rapidly over the last two years, it is necessary to cover the issue of protection against this type of social engineering attack. Throughout the pandemic, intruders are finding more and more new ways to cheat, so even experienced Internet users can fall victim to their scams. Due to the fact that e-mail is used in almost all companies, most phishing attacks use e-mail to send malicious messages. The article discusses the main methods used by attackers to conduct phishing attacks using e-mail, signs that the user has become a victim of social engineers, and provides recommendations on how to increase the resilience of the corporate environment to such attacks using organizational methods. Because the user is the target of phishing attacks, and the tools built into browsers and e-mail clients in most cases do not provide reliable protection against phishing, it is the user who poses the greatest danger to the company, because, having become a victim of a phishing attack, he can cause significant damage to the company due to his lack of competence and experience. That is why it is necessary to conduct training and periodic testing of personnel to provide resistance to targeted phishing attacks. Company employees should be familiar with the signs of phishing, examples of such attacks, the principles of working with corporate data and their responsibility. The company's management must create and communicate to the staff regulations and instructions that describe the storage, processing, dissemination and transfer of information to third parties. Employees should also report suspicious e-mails, messages, calls, or people who have tried to find out valuable information to the company's security service. Raising general awareness through hands-on training will reduce the number of information security incidents caused by phishing attacks.


2021 ◽  
Vol 11 (19) ◽  
pp. 9083
Author(s):  
Yahya Lambat ◽  
Nick Ayres ◽  
Leandros Maglaras ◽  
Mohamed Amine Ferrag

It is a well-known fact that the weakest link in a cyber-secure system is the people who configure, manage or use it. Security breaches are persistently being attributed to human error. Social engineering based attacks are becoming more sophisticated, to such an extent that they are becoming increasingly difficult to detect. Companies implement strong security policies as well as providing specific training for employees to minimise phishing attacks; however, these practices rely on the individual adhering to them. This paper explores fuzzy logic, and in particular a Mamdani type fuzzy inference system, to determine an employee's susceptibility to phishing attacks. To negate and identify the susceptibility levels of employees to social engineering attacks, a Fuzzy Inference System (FIS) was created through the use of fuzzy logic. The utilisation of fuzzy logic is a novel way of determining susceptibility due to its ability to resemble human reasoning in order to solve complex inputs, and its interpretability and simplicity in being able to compute with words. This proposed fuzzy inference system is based on a number of criteria which focus on attributes relating to the individual employee as well as a company's practices and procedures, and through this an extensive rule base was designed. The proposed scoring mechanism is a first attempt towards a holistic solution. To accurately predict an employee's susceptibility to phishing attacks, any future system will require a more robust and relatable set of human characteristics in relation to the employee and the employer.


Author(s):  
Vasaki Ponnusamy ◽  
Leslie Mark Pannir Selvam ◽  
Khalid Rafique

Raising awareness of social engineering is becoming more essential. When we are connected to the internet, we are at risk of becoming victims of numerous attacks. It is very difficult to protect ourselves from all of these threats, but the least we can do is not jeopardize our own safety. In order to achieve this, the need to have substantial knowledge of social engineering techniques and how to safeguard oneself from being victimized is mandatory. This research presents an overview of social engineering attacks. This plays a crucial role in supporting victims of cyber assaults.


2020 ◽  
pp. 326-340
Author(s):  
Hossein Shirazi ◽  
Kyle Haefner ◽  
Indrakshi Ray

Denizens of the Internet are under a barrage of phishing attacks of increasing frequency and sophistication. Emails accompanied by authentic-looking websites are ensnaring users who, unwittingly, hand over their credentials, compromising both their privacy and security. Methods such as the blacklisting of these phishing websites have become untenable and cannot keep pace with the explosion of fake sites. Detection of nefarious websites must become automated and be able to adapt to this ever-evolving form of social engineering. There is an improved framework, previously implemented and called “Fresh-Phish”, for creating current machine-learning data for phishing websites. The improved framework uses a total of 28 different website features that are queried using Python; a large labeled dataset is then built and analyzed over several machine-learning classifiers to determine which is the most accurate. This modified framework improves the accuracy of modeling those features by using integer rather than binary values where possible. This article analyzes not just the accuracy of the technique, but also how long it takes to train the model.


Author(s):  
Patrick Lawson ◽  
Olga Zielinska ◽  
Carl Pearson ◽  
Christopher B. Mayhorn

Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research has shown an interaction between personality and the persuasion principle used. This study was conducted to investigate whether this interaction is present in the realm of email phishing. To investigate this, we used a personality inventory and an email identification task (phishing or legitimate). The emails used in the identification task utilize four of Cialdini’s persuasion principles. Our data confirms previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. In addition, we identify multiple interactions between personality and specific persuasion principles. We also report the overarching efficacy of various persuasion principles on phishing email identification accuracy.


The email service is a core platform for mass communication, as a consequence of which it becomes the central target of social engineering and phishing attacks. As a consequence, attackers can try to impersonate or fake a trusted identity to carry out highly sophisticated and deceptive phishing attacks via email spoofing. In this work, we analyze: (1) how different email providers detect and deal with such attacks; (2) existing protection techniques and the scope of their effectiveness; (3) under which conditions spoofed emails reach the inbox, and the potential consequences; (4) best practices and adaptability, apart from existing methods, to remain secure. We address this concern by considering the parameters of the top 25 email services (used by billions of users) and also real-world experiments: the existing protocols, security layers and the restrictions based on detection methods; the scale of the implications of allowing forged emails to enter the inbox despite being detected by the SPF, DKIM, DMARC and ARC layers; the extent of the problems caused in different paradigms; and the potential of having just SMTP implemented without any additional security layers within the domains. The impact of misleading UI for allowed spoofed emails by providers is also discussed briefly. We observe the impression of security when users are caught off guard in real-world testing on domains (e.g. Gmail, Hotmail, Yahoo Mail, etc.) by simple spoofing platforms (e.g. emkei.cz), apart from discussing the anomalous behavior of Gmail as a response. We have conducted experiments to analyze the behavior of top email domains against spoofed emails of various types.


2021 ◽  
Author(s):  
Prasanta Kumar Sahoo

In this era of the computer age, as more and more people use the internet to carry out their day-to-day work, hackers perform various security attacks on web browsers and servers to steal users' vital data. Now electronic mail (e-mail) is used by everyone, including organizations and agencies, and is becoming the official communication channel for society as a whole on a day-to-day basis. Even though a lot of modern techniques, tools and prevention methods are being developed to secure users' vital information, they are still prone to security attacks by fraudsters. Phishing is one such attack, and its detection with high accuracy is one of the prominent research issues in the area of cyber security. Phishers fraudulently acquire confidential information like user IDs, passwords, and Visa and MasterCard details through various social engineering methods. Mostly, blacklist-based methodology is used for detection of phishing attacks, but this method has a limitation in that it cannot be used for detection of white-listed phishing. This chapter aims to use machine learning algorithms to classify between phishing e-mails and genuine e-mails and help the user in detecting attacks. The architectural model proposed in this chapter is to identify phishing and use the J48 decision tree classifier to separate fake e-mails from real e-mails. The algorithm presented here goes through several stages to identify phishing attacks and helps the user in a great way to protect their vital information.

