This essay has been submitted by a student.
Nowadays, it is vitally important for users to know about phishing, because phishers can steal their financial information. Once they have that information, they commit crimes on the internet; for example, they withdraw the victim's money without the owner's knowledge. Although other attacks, such as viruses and worms, can damage a user's data or hardware, phishing can steal the user's money. This makes the technique very harmful for users.
The phishing technique is related to fishing, because phishers lure users to their fake websites in many ways. This paper explains what phishing is, gives an example of phishing, and covers how to recognise a phishing email, how to prevent phishing, the latest phishing technique, and the phishing technique expected to be popular in 2013.
The term 'phishing' first appeared in the 1990s. Hackers derived it from 'fishing' because they use a fishing-like approach to lure users into visiting their fake websites. In the early days, hackers usually used phones to attack others, so they replaced the 'f' with 'ph' to coin a new word in their hacker community. The purpose is to steal users' credit card numbers, passwords and other personal information.
Phishing is not new, but in recent years phishers have used this method to commit crimes, and phishing attacks have risen dramatically. According to RSA's Online Fraud Report (Ron Rivest, Adi Shamir and Leonard Adleman), the number of phishing attacks increased by over 19% in 2011, and various organizations lost over $2.1 billion. RSA states that in 2012 the total number of phishing attacks worldwide was nearly 33,000. Canada showed a 400% increase in the number of phishing attacks in 2012. The firm declared that it had blocked around 200,000 attacks during the earlier months of 2012. The U.K. ranks first among the countries attacked by hackers, with an attack rate of 46%. The U.S. is second, with a rate of 26%.
These results show that phishing is a dangerous attack for people, organizations and others. Its impact is a very serious problem worldwide, so people and organizations should know what phishing is, how phishers attack, and how to protect themselves. The purpose of this paper is to present the facts described above, among others.
Phishing is an attack method in which hackers send victims fake e-mails that appear to come from trustworthy, well-known websites such as PayPal, MSN, eBay, BestBuy, Yahoo and America Online. These e-mails confront the victim with some problem. For instance, the victim is told that their credit card password is mismatched or that the username or password they entered is incorrect, or the e-mail offers an update service, luring the victim to visit the fake website to modify or confirm their password and account number through a hyperlink provided in the e-mail. After clicking the link, the victim is taken automatically to a counterfeit website. Sometimes the fake website is nearly identical to the real one, and it is very hard for victims to know whether they are visiting the real site. If victims take the fake site for the real one, they enter their password and account number, and the phishers collect this information at the server side. They then commit crimes with the information they obtained (e.g., withdrawing money from the victim's account).
In general, phishers attack users with the following steps:
1) Phishers send victims deceptive emails that appear to come from a legitimate source, such as a business partner, and that sometimes lure them into confirming their account information with the web server.
2) Hackers encourage users to visit counterfeit websites that resemble legitimate sites. When users visit such a website, malicious software is downloaded automatically to their computer. It records their important financial information when they access target services such as banking, and the records are then sent to the command and control servers managed by the hackers.
3) Users receive messages from fake charities that ask them to donate directly in cash.
4) Users receive messages from a social network platform that contain a link leading to the hacker's website. That website downloads a malicious application onto the victim's machine to steal their information, or it requests authentication data. This is also called social phishing.
5) Users receive fake phone calls that pretend to come from private businesses or legitimate organizations and ask them to dial a phone number because there is a problem with their bank accounts or other services. When they call that number, which is controlled by the phishers, they are asked to enter their authentication codes and account numbers. This is called voice phishing or vishing.
Typical Phishing Attack Schema
Phishing is a method of stealing financial or personal information through deceptive mail or spam. There are various kinds of phishing techniques for getting information from victims. Technology now improves very quickly, so phishing techniques are also becoming more advanced. To prevent phishing attacks, users must know about the various kinds of phishing techniques, and they should also know the anti-phishing techniques that protect them.
Email / Spam
A phisher sends the same fake email to billions of users and asks them to fill in a form with details such as personal information. The phishers then commit cyber crimes using this information. Most messages carry an important notice saying that user information is urgently required to update the account. Sometimes they ask the user to fill in a form to access new services, using a link provided in the e-mail. This is a common phishing attack.
Web Based Delivery
One of the most modern phishing techniques is web based delivery. It is well known as the "man-in-the-middle" because the phisher sits between the original and the fake website to trace information during transactions between users and the legitimate website; that information is then collected without the users' knowledge.
Users receive a message with a fake link that directs them to a counterfeit phishing website resembling the legitimate website. If the victims do not look carefully at the URL, it is very difficult to notice the difference between the real and the fake website. The phishers then ask them to fill in personal or other information in a form. This technique is called instant messaging.
Trojan hosts are also related to phishers, because they attempt to log into the victim's account to gather information through the local machine, and the collected information is then sent to the phishers.
In link manipulation, the hackers send the victims a deceptive link. When they click it, it does not open the website stated in the link; it opens the hacker's website. Users then give their information because they think the website is real. Phishers collect and use this information for illegal purposes.
This technique is similar to malware that identifies the user's keyboard input; that information is then transmitted to the phishers, who will decrypt passwords and other information.
Phishing through Search Engine
Some phishing scams use search engines to lure users to product sites that offer them services or products at the lowest price. When users attempt to purchase those products, they enter their credit card number and other information on the phishing site. There are a lot of fake websites that lure users with low-cost products.
In phone phishing, the hackers call users and ask them to dial a phone number. The main purpose is to get the user's financial information over the phone. Phone phishing, or vishing, is done with a fake caller ID.
The latest phishing technique
First, the user views one of the tabs.
Second, they leave the first tab and view another tab.
Different from the original tab
Third, while the user views the next tab, the phisher changes the first one to look like a legitimate site.
The address and the page do not match. If the user does not notice, they may give away their information. If the user notices, they can avoid it. The user needs to click on the page without giving any information.
When the user clicks the first tab, the phishers have already loaded their page in place of the original page.
If the user clicks the page, the original page appears again.
5.0 Statistics of Phishing Attacks
RSA stated that the total number of phishing attacks that occurred in September was 35,440 worldwide. The U.S. is now the phishers' target: in September 2012, the U.S. accounted for 77% of attacks, and the U.K., France, Canada and Poland for 10%. Phishers target U.S. companies such as Wells Fargo, eBay, PayPal, J.P. Morgan Chase and Bank of America. These are the main targets of cyber crime.
Figure 1 - Phishing Target by Industry (McAfee source)
Figure 2 - Phishing Target by Country (McAfee source)
6.0 Identify a phishing email
A fake email is nearly identical to a real one, so users need to know how to tell them apart. Generally, there are four facts to identify.
Company - Phishers send thousands of emails to thousands of victims without knowing who the recipients are. If users receive an email from a company they have no relationship with, it is a fake email; for instance, the email is sent from American Online bank, but the user's bank is a different bank.
Grammar and Spelling - Phishing emails sometimes contain grammar and spelling mistakes, so users need to check for errors.
No statement of the user's account information - If the user's account really has an error, the company will send an email that contains the username or the user's account. In figure 1, the e-mail mentions "eBay customer". If the mail really came from eBay, it would state the user's name.
Deadlines - Some emails ask users to reply immediately, within a deadline. For instance, in figure 2, First Generic Bank warns users that if they do not reply within 48 hours, their account cannot be used for 30 days. If users receive that kind of email, they should know it is a fake.
Links - When phishers send email to victims, a fake link is already included in the mail. For example, in figure 1, the phishers used the link http://fakeaddress.com/ebay . It is not actually an eBay URL.
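The checks in this section, together with the link manipulation described earlier, can be automated on the receiving side. The following Python code is an added example, not part of the original essay: it flags a generic greeting, a missing recipient name, deadline pressure, and a link whose visible text names a different host than its real destination. The SAMPLE message is constructed, expected_name and the indicator labels are assumptions, and only single-part HTML mail in UTF-8 is handled.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample, modelled on the eBay and 48-hour examples in the text.
SAMPLE = """\
From: eBay Support <support@fakeaddress.com>
Content-Type: text/html; charset="utf-8"

<p>Dear eBay customer,</p>
<p>Your account will be suspended unless you reply within 48 hours.</p>
<p><a href="http://fakeaddress.com/ebay">http://www.ebay.com/signin</a></p>
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(\w+\s+)?(customer|user|member)\b", re.I)
DEADLINE = re.compile(r"\bwithin\s+\d+\s*(hours?|hrs?|days?)\b|\bimmediately\b", re.I)
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+")

class LinkCollector(HTMLParser):
    """Collects body text and (href, visible label) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host(url):  # hostname of a URL or bare domain, lower-cased ('' if none)
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw, expected_name):
    """Return the warning signs found in a single-part HTML e-mail."""
    msg = message_from_string(raw)
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    text = " ".join(parser.text)
    found = []
    if GENERIC_GREETING.search(text):
        found.append("generic greeting")
    if expected_name.lower() not in text.lower():
        found.append("recipient name missing")
    if DEADLINE.search(text):
        found.append("deadline pressure")
    for href, label in parser.links:
        # Compare hosts only when the visible text itself looks like a URL.
        if URL_LIKE.match(label) and host(label) != host(href):
            found.append(f"link text {host(label)} points to {host(href)}")
    return found
```

Each indicator is only a hint; a message that triggers several of them deserves a closer look before any link in it is followed.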
7.0 How to prevent phishing?
Technology improves very quickly, and phishing techniques improve with it. The following are anti-phishing techniques.
Check Email Carefully
When users receive email from unknown senders, they need to check whether it contains their username or account. Such an email will ask users to fill in their financial or personal information. Most phishing emails begin with "Dear Customer", so users should watch for that. A real company will never send spam mail; if it sends an email, the email contains the user's financial and personal information. Users can compare these facts. If users recognise a fake mail, they can avoid being attacked.
Never Enter Personal or Financial Information
A fake mail also includes a fake link. When users click that link, it shows a page for filling in their information. Users must be sure not to fill in that form, because if they enter their information, phishers will steal it for illegal purposes.
Identify Fake Phone Calls
Phone phishing is also a phishing technique, and its main purpose is to steal the user's information through a phone call. When phishers call users, they ask them to give detailed financial information. It is difficult for users to tell whether the call is real because it resembles a legitimate phone call, but users can check the area code of the call using VOIP.
Protection through Software
Firewall and anti-spyware software should be installed to prevent attacks, and users need to update these programs regularly. A firewall prevents access to malicious files by blocking attacks. Anti-spyware guards every file that comes from the Internet to the user's computer. These methods help users protect their systems from damage.
Never Send User's Personal Information by Email
The best approach is for users never to send important information to anyone by email. Users should make a habit of checking whether a website is secure before sending information to it. If the website is secure, its address begins with "https".
Check Bank Details Regularly
Users need to check their bank statements regularly to catch fraudulent transactions, because phishers may steal user information and use it without the users' knowledge.
Watch out for New Phishing Techniques
Technology is improving all the time, so new phishing techniques also appear all the time. If users do not know about all the phishing techniques, they may fall prey to one of them. Users need to watch out for the latest phishing techniques. If they find out about them early, they can protect themselves before they are attacked.
Install an Anti-Phishing Toolbar
Users should install an anti-phishing toolbar. It alerts them when they are viewing a phishing site by comparing the site with a list of phishing sites, so users can easily tell whether the website they are visiting is a phishing site.
Be Aware of Pop-Ups
Sometimes pop-up windows pretend to be real components of the website. Most popular browsers allow users to block pop-ups. If a pop-up appears, users should not click "Cancel", because it can lead them to phishing sites. Users should click the "x" at the upper corner of the window.
8.0 Spear phishing will be popular in 2013
As most people have become better educated, they can recognise email that comes from untrustworthy websites, so it is difficult for phishers to collect users' information. As a result, phishers have changed to a new way of attacking users, known as "spear phishing". Spear phishing focuses on an individual or a small group of individuals, using personal information from their social websites. Rohyt Belani, CEO at PhishMe, warns that 2012 is the year of Bring Your Own Device (BYOD) and that mobile malware will be popular in 2013. Belani points to the growth of consumer applications that violate privacy, for instance phishers tricking users out of their GPS data; now, in 2013, phishers are targeting mobile device users, especially with the intent of getting information from their corporate mail systems. For instance, a user receives an SMS or an email that looks as if it comes from a business partner or a friend; it tells the user to check out an amazing new application and tricks them into clicking a link. The spear technique is successful on mobile devices because users cannot check the real destination of the link on a mobile device. If the user clicks the link, malware is installed automatically on the user's device, which uses the user's email account to send email to their corporate network.
Once a phisher has penetrated the user's email system from a mobile device, it is easy to send malware to the user's corporate network. The problem with these attacks is that they are human against human, which technology cannot defend against. The best solution is for users to be educated about this attack.
Phishing is a technique for attacking users online. Like fishing, it lures victims to visit a website and asks them to fill in their information. If the victims believe the website is real and give their financial or personal information, the phishers gather it and use it to commit cyber crime. It is difficult for users to tell whether a site is real, because the phisher's website and the legitimate website are almost the same. Hence, users should have general knowledge of all the phishing techniques, because each technique differs from the others. If users do not keep up with new phishing methods, they may fall prey to phishers. Phishing is a dangerous technique for users and organizations, because most top countries have lost a lot of money to it.
The phishing technique started in 1990, so people know about the old phishing techniques and how to deal with them. As a result, it is tough for phishers to collect victims' information, so they invent new techniques to attack them. One such technique is known as "Tabnabbing": phishers change the page in one of the open tabs while the user has left that tab for a while to visit another. Phishers use a script to detect the user's favourite website (e.g., Gmail), then rewrite the page and replace the original site. When users return to the first tab, they may not notice that the page has changed. They see their favourite site instead of the original site and give their information on the page the phishers created. To prevent this, users need to check the address and the name on the tab; they will not match. If users know that the site is a phishing site, they can click on the page rather than enter their information, and the original site will open again. There are many ways to prevent this technique, so users need to know how to protect themselves from attack.
In recent years, phishers have attacked users by sending fake email and asking them to follow the link given in it. Rohyt Belani warns that in 2013 mobile malware attacks will be popular. This is also known as "spear phishing". It focuses on an individual or a small group, attacking from the mobile phone by using personal information obtained from social networks such as Facebook and Twitter. Phishers can attack successfully with this technique because users cannot check the real destination of a link on a mobile phone. Once users click the link, they have already downloaded the malware, which uses the user's email account to send email to the user's corporate network. This technique spreads malware to the user's related networks and steals information. It is difficult to prevent with technology, so users should be educated about it to avoid being attacked. Although this paper presents many phishing techniques and how to prevent them, the most important point for users is to avoid giving their information to unreliable websites. If users do so, the phishing attack rate may decline in the future.