Phishing Attacks and Countermeasures

Author(s):  
Bogdan Hoanca

The field of information security has realized many advances in the past few decades. Some of these innovations include new cryptographic techniques, network protocols, and hardware tokens. However, the weakest link in information security systems, human gullibility, remains extremely vulnerable. Even the strongest cryptographic algorithms are useless if a user is fooled into disclosing their authentication information. This chapter describes the threat of phishing, in which attackers generally send a fraudulent e-mail to their victims in an attempt to trick them into revealing private information. We start by defining the phishing threat and its impact on the financial industry. Next, we review different types of hardware and software attacks and their countermeasures. Finally, we discuss policies that can protect an organization against phishing attacks. An understanding of how phishers elicit confidential information, along with technology and policy-based countermeasures, will empower managers and end users to better protect their information systems.

Author(s):  
Vibha Ojha ◽  
Ravinder Singh

Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. Unfortunately, recent revelations have shown that users' data is at risk not only from hackers and malicious insiders, but also from government surveillance. This state of affairs motivates the need for users to be able to encrypt their online data, specifically e-mail communication. This paper shows the use of cryptographic algorithms for secure e-mail communication.


2016 ◽  
Vol 40 (2) ◽  
pp. 265-281 ◽  
Author(s):  
Brynne Harrison ◽  
Elena Svetieva ◽  
Arun Vishwanath

Purpose – The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach – A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message, and measures of user traits and user processing were obtained after the phishing attack. Findings – Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat- or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications – The findings are generalizable to students, who are a particularly vulnerable target of phishing attacks. Practical implications – The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly, the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value – This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception, as well as the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.


Author(s):  
Ranaganayakulu Dhanalakshmi ◽  
Chenniappan Chellappan

Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. In spite of the different possible attacks discussed in later chapters, this chapter focuses on phishing attacks – a form of indirect attack – such as sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. Phishing attacks use ‘spoofed’ e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, et cetera. The vulnerabilities behind various phishing methods, such as domain name spoofing, URL obfuscation, susceptive e-mails, spoofed DNS and IP addresses, and cross-site scripting, are analyzed, and the chapter concludes that an integrated approach is required to mitigate phishing attacks.


2017 ◽  
Vol 5 (1) ◽  
pp. 8-15
Author(s):  
Sergii Hilgurt

Multi-pattern matching is a fundamental technique found in applications such as network intrusion detection systems, anti-virus, anti-worm and other signature-based information security tools. Due to rising traffic rates, the increasing number and sophistication of attacks, and the collapse of Moore’s law, traditional software solutions can no longer keep up. Therefore, hardware approaches are frequently used by developers to accelerate pattern matching. Reconfigurable FPGA-based devices, providing the flexibility of software and near-ASIC performance, have become increasingly popular for this purpose. Hence, increasing the efficiency of reconfigurable information security tools is now a pressing research issue. Many different approaches to constructing hardware matching circuits on FPGAs are known. The most widely used of them are based on discrete comparators, hash functions and finite automata. Each approach possesses its own pros and cons, and none of them has yet become the dominant one. In this paper, a method to combine several different approaches so as to reinforce their advantages is developed. An analytical technique is proposed to quickly estimate in advance the resource costs of each matching scheme without needing to compile the FPGA project. This allows optimization procedures to be applied that split the pattern set near-optimally between the different approaches in acceptable time.


2021 ◽  
pp. 1-13
Author(s):  
Fernando Rebollar ◽  
Rocío Aldeco-Perez ◽  
Marco A. Ramos

The general population increasingly uses digital services, meaning services which are delivered over the internet or an electronic network, and events such as pandemics have accelerated the need to use new digital services. Governments have also increased their number of digital services; however, these digital services still lack sufficient information security, particularly integrity. Blockchain uses cryptographic techniques that allow decentralization and increase the integrity of the information it handles, but it still has disadvantages in terms of efficiency, making it incapable of implementing some digital services where a high rate of transactions is required. In order to increase its efficiency, a multi-layer proposal based on blockchain is presented. It has four layers, where each layer specializes in a different type of information and uses properties of public and private blockchains. A statistical analysis is performed and the proposal is modeled, showing that it maintains and even increases the integrity of the information while preserving the efficiency of transactions. Moreover, the proposal is flexible and can adapt to different types of digital services. It also considers that voluntary nodes participate in the decentralization of information, making it more secure, verifiable, transparent and reliable.


2021 ◽  
Author(s):  
Larisa K. Ptitsyna ◽  
Anastasia O. Zharanova ◽  
Mikhail P. Belov ◽  
Aleksey V. Ptitsyn

2013 ◽  
Vol 25 (3) ◽  
pp. 32-51 ◽  
Author(s):  
Salvatore Aurigemma

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building on the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.
