Information and communication technologies (ICTs) have pervaded our lives, whether for business, personal or recreational purposes. We rely heavily on the Internet for business, personal, financial, and investment decisions. Accompanying these developments is a growing number of threats to the Internet and its associated technologies. These threats take a variety of forms, such as counterfeit goods offered for sale on eBay to deceive unsuspecting enthusiasts, or schemes that guarantee victims a high return if they help with foreign exchange transactions via a bank account. This article is about an emerging technology threat: phishing.
The crime of stealing sensitive information has been around for a long time. Phishing is a deceptive way of getting a person to disclose sensitive information to an online attacker, such as passwords, credit card numbers, other personal information, or sensitive financial data. Another form of phishing is SMiShing: instead of arriving via email, the attack comes as short message service (SMS) or text messages.
The word “Vishing” is derived from the combination of “voice” and “Phishing”. Here, the recipient receives a call in which the attacker entices him or her to give up personal details, with intent to harm. For example, a customer receives a call on the weekend and during office hours, allegedly from his bank’s call center.
The information collected by the attacker can be used for criminal activities such as identity theft or fraud. Often, customers and/or users, otherwise known as targeted victims, are misled into disclosing this information either by providing it in a web form or by downloading and installing malicious software.
A mobile device (or handheld computer) is defined as a small computing device, usually with a small display screen, which may have touch input or a small keyboard. It performs basic computer functions, such as control, data processing, data movement, and data storage. Examples of mobile devices are Palm and other PDAs, Pocket PCs and smartphones.
Today, the use of mobile devices to access and browse the Internet and various computer applications has become quite common, be it for business or personal use. The popularity of mobile devices is due in part to their portability and long battery life. Compatible with many applications, mobile devices present several cybersecurity challenges because of how they are used and how they communicate.
The threats posed to this emerging computing technology are the main concern of this research paper. Specifically, we want to establish the scope of mobile threats and build awareness of phishing, SMiShing, and Vishing and the impact associated with their exploitation.
PROBLEM FORMULATION (EMERGING TECHNOLOGY THREAT – PHISHING)
Phishing, SMiShing and Vishing attacks on mobile devices have been on the rise without any sign of abating. For the second year in a row, reported cases of monthly attacks increased more than 160 times, while the number of reported high-profile phishing websites increased nearly 16 times, with more than 100 known brands being attacked.
Frequent attacks occur when fraudulent emails claim to come from a legitimate author or sender. Such an email may ask the recipient to provide sensitive user credentials or personal information, or to click on a link to perform some action. For example, an email purporting to be from your system administrator may ask you to provide the administrator with personal information, including your password, by a specified time or risk losing your account.
When a user replies to a message with the requested information, the attacker may then use the opportunity to damage his or her systems or misuse the stolen identity profile. Mobile devices have recently not only been infected with viruses and worms; there are also indications of phishing, SMiShing, and Vishing attacks against them.
Since it was first described in 1987, phishing has become increasingly common. As digital technology advances, these attacks continue to find new ways to exploit weaknesses.
Below are some of the most common types of phishing:
TYPES OF PHISHING ATTACKS
- Standard Email Phishing –
The most widely known form of phishing, this attack is an attempt to steal sensitive information via an email that appears to come from a legitimate organization. It is not a targeted attack and can be carried out in bulk.
- Malware Phishing –
Using the same email scam strategies, this attack encourages targets to click a link or download an attachment so that malware can be installed on the device. It is currently the most widespread form of cybercrime.
- Spear Phishing –
Where most phishing attacks cast a wide net, spear phishing is a highly targeted, well-researched attack focused on business executives, public figures, and other lucrative targets.
- Smishing –
SMS phishing delivers malicious short links to smartphone users, often disguised as account notifications, prize notifications, and political messages.
- Search Engine Phishing –
In this type of attack, cybercriminals set up fraudulent websites designed to collect personal information and direct payments. These sites may appear in organic search results or paid ads for popular search terms.
- Vishing –
Vishing, or voice phishing, involves a malicious caller claiming to be from technical support, a government agency, or another organization and trying to extract your personal information, such as bank or credit card details.
- Pharming –
Also known as DNS poisoning, pharming is a sophisticated form of phishing that targets the Internet's domain name system (DNS). Pharming redirects legitimate web traffic to a fake page without the user’s knowledge, often to steal important information.
- Clone Phishing –
In this type of attack, a shady actor compromises a person’s email account, makes changes to an existing email by swapping a legitimate link, attachment, or other elements with a malicious one, and sends it to the person’s contacts to spread the infection.
- Man-in-the-Middle Attack –
A man-in-the-middle attack involves listening in on communication between two unsuspecting parties. These attacks are often carried out by setting up fake WiFi networks in coffee shops, supermarkets, and other public places. Once a victim has joined, the man in the middle can sniff for details or push malware onto devices.
- BEC (Business Email Compromise) –
Business email compromise involves a fraudulent email that appears to come from someone inside or associated with a targeted company, requesting urgent action such as wiring money or buying gift cards. The strategy is estimated to have accounted for nearly half of all cyber-related business losses by 2019.
- Malvertising –
This type of phishing scam uses digital ad software to publish non-standard ads with malicious code embedded inside.
COMMON FEATURES OF PHISHING EMAILS
- Too Good To Be True – Lucrative offers and eye-catching or attention-grabbing statements are designed to attract immediate attention. For example, many claim that you have won an iPhone, a lottery, or another grand prize. Just don’t click on any suspicious emails. Remember that if it sounds too good to be true, it probably is!
- Sense of Urgency – A popular strategy among cybercriminals is to ask you to act immediately because the deal is available only for a limited time. Some of them will even tell you that you have only a few minutes to respond. If you encounter these types of emails, it is best to ignore them. In some cases, they will tell you that your account will be suspended unless you update your personal information immediately. Many reputable organizations give sufficient time before they terminate an account and never ask account owners to update their information via the Internet. If in doubt, visit the source directly instead of clicking the link in the email.
- Links – A link may not be all that it appears to be. Hovering over the link shows you the actual URL you will be directed to if you click on it. It could be completely different, or it could be a popular website with a misspelling, for example, www.bankofarnerica.com – the ‘m’ is actually an ‘r’ and an ‘n’, so take a closer look.
- Email Attachment – If you see an email attachment that you didn’t expect or that doesn’t make sense, don’t open it! Attachments often contain malicious payloads such as viruses. The only safe file type to click on is the .txt file.
- Unusual Sender – Whether it looks like it comes from a stranger or an acquaintance, if anything seems strange, unexpected, out of place or just suspicious, don’t click on it!
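An added example (not part of the original article) that automates the "Links" check above: it compares a link's real host against a list of trusted domains and flags look-alike spellings such as `bankofarnerica.com`. The trusted list, the confusable pairs and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of brands to protect (constructed sample data).
TRUSTED = {"bankofamerica.com", "paypal.com", "ebay.com"}

# Character sequences that render like another letter in many fonts.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def hostname(url):
    """Return the lower-cased host of a URL, without a leading 'www.'."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def skeleton(host):
    """Collapse visually confusable sequences to one canonical form."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, max_typos=1):
    """Return (verdict, matched_brand) for the host a link really points to."""
    host = hostname(url)
    if host in TRUSTED or any(host.endswith("." + b) for b in TRUSTED):
        return ("trusted", host)
    for brand in sorted(TRUSTED):
        if skeleton(host) == skeleton(brand):
            return ("lookalike", brand)   # e.g. 'rn' standing in for 'm'
        if edit_distance(host, brand) <= max_typos:
            return ("typosquat", brand)   # one added, dropped or swapped character
    return ("unknown", None)

if __name__ == "__main__":
    for link in ["http://www.bankofarnerica.com/login", "https://www.bankofamerica.com"]:
        print(link, classify(link))
```

A mail gateway or reporting tool would run `classify` on the `href` target of each link, not on the visible link text, since the two can differ.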
HOW TO RECOGNIZE PHISHING
Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they may gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks every day – and they often succeed. The FBI’s Internet Crime Complaint Center has reported that people lost $57 million to phishing schemes in one year.
Scammers often update their tactics, but some features will help you detect a phishing email or text message.
- Phishing emails and text messages may seem to come from a company that you know or trust. They may look like they came from a bank, a credit card company, a social network, a paid website or an app, or an online store.
- Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an email attachment. They may
  - say they’ve noticed some suspicious activity or log-in attempts
  - claim there’s a problem with your account or your payment information
  - say you must confirm some personal information
  - include a fake invoice
  - want you to click on a link to make a payment
  - say you’re eligible to register for a government refund
  - offer a coupon for free stuff
PREVENT PHISHING ATTACKS
Prevention of phishing requires action by both users and businesses.
For users, vigilance is key. A spoofed message often contains subtle errors that reveal its true nature. These may include spelling errors or changes in domain names, as seen in the earlier URL example. Users should also stop and think about why they are receiving such an email.
For businesses, many steps can be taken to reduce both the theft of sensitive information and the spear
Although hackers often come up with new ideas, there are some things you can do to protect yourself and your organization:
- To protect against spam emails, spam filters can be used. Typically, filters check the origin of the message, the software used to send the message, and the appearance of the message to determine if it is spam. In some cases, spam filters can block emails from legitimate sources, so they are not always 100% accurate.
- Browser settings must be changed to prevent fraudulent websites from being opened. Browsers keep a list of fake websites, and when you try to access one of them, the address is blocked or a warning message is displayed. Browser settings should only allow trusted websites to be opened.
- Two-factor authentication (2FA) is the most effective way to combat phishing, as it adds a layer of verification when logging into sensitive applications. 2FA relies on users having two things: something they know, like a password and a username, and something they have, like their smartphones. Even if employees are compromised, 2FA restricts the use of their stolen credentials, as these alone are not enough to gain access.
- In addition to using 2FA, organizations should enforce strict password management policies. For example, employees should be asked to change their passwords regularly and not be allowed to re-use passwords for multiple applications.
- Educational campaigns can help reduce the threat of phishing by enforcing secure practices, such as not clicking external email links.
- Many websites require users to enter login details while the user image is displayed. This type of system may be vulnerable to security attacks. Another way to ensure security is to change passwords regularly, and never use the same password on multiple accounts. It is also a good idea for websites to use a CAPTCHA system for added security.
- Banks and financial institutions use precautionary measures to prevent phishing. People can report phishing to industry groups, where legal action can be taken against these fraudulent websites. Organizations should provide security awareness training to employees so they can identify risks.
- Changes in browsing habits are needed to prevent phishing. If verification is required, contact the company itself before entering the information online.
- If there is a link in the email, hover over the URL first. Secure websites with a valid Secure Sockets Layer (SSL) certificate start with “https”. Eventually, all sites will need to have a valid SSL certificate.
Usually, emails sent by cybercriminals are disguised so that they appear to be sent by a business whose services the recipient uses. A bank will not ask for your information via email or suspend your account if you do not update your details promptly. Many banks and financial institutions also include an account number or other personal information within the email, confirming that it is from a reliable source.