Internet phishing is the crime of the 21st century, with stories running all over the globe about how victims are succumbing to this attack. While the people carrying out these attacks have continually developed more sophisticated methods, businesses have been continuously searching for ways to protect their customers’ personal data and increase their email security.
While most organizations around the world are battling for better and safer solutions, most of them are taking intermediary steps to prevent phishing.
This paper intends to discuss the technologies and security flaws that Phishers use to exploit data. Along with this, some neutral advice is presented on how to combat the growing issue of phishing. The word “phishing” originally comes from the analogy that early Internet criminals used email lures to “phish” for passwords and economic data from a group of Internet users.
The origin of the “ph” in the term has been partly lost with time and is most likely associated with other hacking words like “Phreaks”, which traces back to early hackers who were involved in “phreaking”, the hacking of telephone systems.
Phishing makes use of most of the popular Internet communication channels, sending spoofed messages to lure victims into a trap and steal their electronic identity. Phishing is the act of tricking customers out of their confidential information for despicable use.
Phishing relies on mass emails, much like spam, and most often makes use of bots to automatically target victims. Any online business may find Phishers masquerading as it and targeting its customer base. The size of the organization does not matter much here; what matters is the value of the information reaped by such attacks. The number of phishing attacks has been escalating, and Phishers now target audiences in the range of millions of users around the world.
These email addresses have been found at large online retail websites, where Internet users tend to submit their email IDs at the click of a mouse. Some of these websites have also been found to be fake and illegal, which allows the Phishers to fool users into submitting their personal information before they identify any kind of safety issue. While spam was annoying and burdensome, phishing has the potential to directly attack important data and create losses through illegal currency transfers.
As the study suggests, over 57 million Internet users in the United States have already identified links in their emails to phishing scams. An astounding 1.7 million people have already fallen prey to these phishing attacks and have been tricked into submitting their personal information. According to R James, “With various experts extolling proprietary additions or collaborative improvements to core message delivery protocols such as SMTP, organizations may feel that they must wait for third-party fixes to become available before finding a solution to Phishing.
While the security failures within SMTP are indeed a popular exploit vector for Phishers, there are an increasing array of communication channels available for malicious message delivery.” Over time, phishing has increased manyfold, and Phishers now lure victims in a variety of ways into divulging their personal as well as financial information. Fake websites, installation of Trojan horse key-loggers and screen captures, and man-in-the-middle data proxies are some of the tools used by Phishers.
These websites also include job sites and even lucrative job offers. People who are looking to make huge amounts of money on the Internet within a short span of time are the ones who are lured most easily to these websites. These users open a bank account, use it to receive money, and then transfer this money to their own personal bank accounts. These websites lure the victims by making them perform a number of safe-looking actions that ultimately provide access to the user’s personal account information.
Most of the communication channels that are popularly used on the Internet, such as email, landing pages, IRC and messaging systems, are also used freely for the purpose of phishing. In these cases, the Phisher has to imitate a trusted source for the victim to believe. To date, the most successful phishing scams have been carried out with the help of emails. In these scams the Phisher copies some sending authority (e.g. spoofing the source email address and embedding appropriate corporate logos).
For example, an Internet user receives an email from an email address like [email protected] com, and the email carries the subject line “security update” and a request to validate their personal account information in order to stop a security threat that has been initiated on their account. After reading this email, over 70% of Internet users would be willing to send their personal account information in order to get verified by contacting the email sender and requesting them to cancel the order or the transaction.
After this, the Phisher asks them to divulge their personal information and thus easily lures the victim into his trap.

Countering the Threat

As already stated above, there are a number of phishing methods that can be used by the phishing community. To combat these threats, there is a mix of information security technologies and techniques available to Internet users to safeguard their personal data from phishing scams. For the best results and safety, these measures should be applied at the three logical layers of the system in question.
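
As an added illustration (not part of the original paper), the sketch below applies one message-level check to the spoofed “security update” email described earlier: it flags a brand display name on a foreign sender domain, a differing Reply-To domain, an urgent subject line and a request for account details. The brand allowlist, the signal names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sending domains the defender knows to be genuine for each brand.
BRAND_DOMAINS = {"example bank": {"examplebank.example"}}
SUBJECT_LURES = re.compile(r"security (update|alert)|verify|suspended", re.I)
BODY_LURES = re.compile(r"(validate|verify|confirm)\b.{0,40}\baccount", re.I | re.S)

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def phishing_signals(raw_message):
    """Return the phishing indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    signals = []
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    # Spoofed sending authority: brand in the display name, foreign domain.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and from_dom not in domains:
            signals.append("brand-display-name-mismatch")
    # Replies are steered to a domain other than the apparent sender's.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        signals.append("reply-to-domain-differs")
    if SUBJECT_LURES.search(msg.get("Subject", "")):
        signals.append("urgent-security-subject")
    body = msg.get_payload()
    if isinstance(body, str) and BODY_LURES.search(body):
        signals.append("asks-for-account-details")
    return signals

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: verify@account-check.test
Subject: Security update

Please validate your personal account information to stop a security threat.
"""
LEGIT = """\
From: "Example Bank" <news@examplebank.example>
Subject: Your monthly statement

Your statement is ready in online banking.
"""
```

A message that raises several signals at once is a candidate for quarantine or a warning banner; any single signal on its own also occurs in legitimate mail.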