Designing a Security Awareness Program for Mahindra Bank: A Report
VerifiedAdded on 2022/10/16
|18
|4611
|352
Report
AI Summary
This report provides a detailed analysis of a security awareness program designed for Mahindra Bank, an Australian financial institution. The report begins with an executive summary outlining the need for such a program due to increasing cyber threats like phishing, ransomware, and data breaches. It then delves into a security awareness needs assessment, highlighting the risks associated with online banking and the importance of employee training. The report outlines a comprehensive security awareness strategy and plan, including employee education, software enhancements, and process engineering. Various methods for delivering security awareness, such as conventional, instructor-led, online, video-based, and simulation-based methods, are discussed with their respective pros and cons. The report identifies and discusses specific threats, including phishing attacks, and provides security awareness measures and metrics to evaluate the program's effectiveness. The report concludes with recommendations for Mahindra Bank to improve its security posture and protect its sensitive information. The report highlights the importance of changing employee behavior and creating a security-conscious culture within the organization.
Running head: AWARENESS ON SECURITY OPERATION
Awareness on Security Operation
Name of the Student
Name of the university
Author’s Note:
Awareness on Security Operation
Name of the Student
Name of the university
Author’s Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
AWARENESS OF SECURITY OPERATION
Executive Summary
A security awareness program is a ceremonial program held by any organization to train the
employees and users about the potential ongoing cyber-threats to the information of the
organization. Mahindra bank is a leading bank in Australia is facing some hazardous issues
like phishing mail, ransomware infection as well as data breach on PII information. The goal
of this security awareness program is to eventually reduce the respective attack surface of the
organization by changing the behavior of the employee for protecting potential information.
This report has provided recommendations for reducing impact of phishing attacks. The most
basic recommendation would be not entertaining any type of unsolicited email. Another
effective solution would be changing passwords periodically. Five popular delivery methods
for security awareness are described in the report, which are conventional, instruction led,
online, video based and simulation based. Each of these methods are extremely effective for
delivering proper updates related to cyber security to the employees. The report has also
demonstrated about security awareness strategy and plan for Mahindra Bank, so that they are
able to secure their PII information.
AWARENESS OF SECURITY OPERATION
Executive Summary
A security awareness program is a ceremonial program held by any organization to train the
employees and users about the potential ongoing cyber-threats to the information of the
organization. Mahindra bank is a leading bank in Australia is facing some hazardous issues
like phishing mail, ransomware infection as well as data breach on PII information. The goal
of this security awareness program is to eventually reduce the respective attack surface of the
organization by changing the behavior of the employee for protecting potential information.
This report has provided recommendations for reducing impact of phishing attacks. The most
basic recommendation would be not entertaining any type of unsolicited email. Another
effective solution would be changing passwords periodically. Five popular delivery methods
for security awareness are described in the report, which are conventional, instruction led,
online, video based and simulation based. Each of these methods are extremely effective for
delivering proper updates related to cyber security to the employees. The report has also
demonstrated about security awareness strategy and plan for Mahindra Bank, so that they are
able to secure their PII information.
2
AWARENESS OF SECURITY OPERATION
Table of Contents
1. Introduction............................................................................................................................3
2. Security Awareness Needs Assessment.................................................................................3
3. Security Awareness Strategy and Plan...................................................................................4
3.1 Employee Education........................................................................................................5
3.2 Software or Technological Enhancement........................................................................5
3.3 Process Engineering.........................................................................................................6
4. Methods for Delivery of Security Awareness........................................................................7
4.1 Conventional delivery methods........................................................................................7
4.2 Instructor-led delivery methods.......................................................................................7
4.3 Online delivery methods..................................................................................................8
4.4 Video-based delivery methods.........................................................................................8
4.5 Simulation-based delivery methods.................................................................................9
5. Threats and Discussion........................................................................................................10
5.1 The lure..........................................................................................................................10
5.2 The hook.........................................................................................................................10
5.3 The catch........................................................................................................................11
6. Security Awareness Measures and Metrics..........................................................................11
7. Conclusion............................................................................................................................14
References................................................................................................................................15
AWARENESS OF SECURITY OPERATION
Table of Contents
1. Introduction............................................................................................................................3
2. Security Awareness Needs Assessment.................................................................................3
3. Security Awareness Strategy and Plan...................................................................................4
3.1 Employee Education........................................................................................................5
3.2 Software or Technological Enhancement........................................................................5
3.3 Process Engineering.........................................................................................................6
4. Methods for Delivery of Security Awareness........................................................................7
4.1 Conventional delivery methods........................................................................................7
4.2 Instructor-led delivery methods.......................................................................................7
4.3 Online delivery methods..................................................................................................8
4.4 Video-based delivery methods.........................................................................................8
4.5 Simulation-based delivery methods.................................................................................9
5. Threats and Discussion........................................................................................................10
5.1 The lure..........................................................................................................................10
5.2 The hook.........................................................................................................................10
5.3 The catch........................................................................................................................11
6. Security Awareness Measures and Metrics..........................................................................11
7. Conclusion............................................................................................................................14
References................................................................................................................................15
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
AWARENESS OF SECURITY OPERATION
1. Introduction
Security awareness program has dynamically designed to evolve the future needs of
organization and employee. Due to the rapid growth of advanced rapid information
technology, financial organization like Mahindra Bank is facing many inside cyber-attacks
(Safa, Von Solms and Furnell 2016). A phishing email, ransomware infection or even data
breaches of PII information are one of the cyber-attacks that resulted in a loss of sensitive
information that is a disturbance of the organization. Employees or workers are completely
unaware of this kind of threat. For the core purpose of providing awareness to the employees
of Mahindra bank and ensure that cyber threats are being eradicated on time, it is required to
involve a training awareness program (Zhao, An and Kiekintveld 2016). This report includes
gathering information about needs proper assessment, strategy, and plan, methodologies for
delivery and measures or metrics. This report outlines about the innovation that can have
implemented by the IT department to aware the employees of Mahindra Bank about cyber-
threats. The metrics and measures of security awareness how they and the methods and
delivery of the security awareness program are have discussed in this report.
2. Security Awareness Needs Assessment
Mahindra bank is facing a prominent risk due to changing in a technological system
that is applicable for a particular framework. After the introduction of mobile banking, ATM,
and online banking service, such distinct threats are emerging to a high extent. Exchanging
money through platinum card, smart card and credit card has eventually raised this IT risk.
The control over the network system is failing for the risk generating due to the technological
risk. The banks are continuously under pressure for clearing the customer complaints that
they face due to the technological issue (Cavusoglu et al. 2015).
AWARENESS OF SECURITY OPERATION
1. Introduction
Security awareness program has dynamically designed to evolve the future needs of
organization and employee. Due to the rapid growth of advanced rapid information
technology, financial organization like Mahindra Bank is facing many inside cyber-attacks
(Safa, Von Solms and Furnell 2016). A phishing email, ransomware infection or even data
breaches of PII information are one of the cyber-attacks that resulted in a loss of sensitive
information that is a disturbance of the organization. Employees or workers are completely
unaware of this kind of threat. For the core purpose of providing awareness to the employees
of Mahindra bank and ensure that cyber threats are being eradicated on time, it is required to
involve a training awareness program (Zhao, An and Kiekintveld 2016). This report includes
gathering information about needs proper assessment, strategy, and plan, methodologies for
delivery and measures or metrics. This report outlines about the innovation that can have
implemented by the IT department to aware the employees of Mahindra Bank about cyber-
threats. The metrics and measures of security awareness how they and the methods and
delivery of the security awareness program are have discussed in this report.
2. Security Awareness Needs Assessment
Mahindra bank is facing a prominent risk due to changing in a technological system
that is applicable for a particular framework. After the introduction of mobile banking, ATM,
and online banking service, such distinct threats are emerging to a high extent. Exchanging
money through platinum card, smart card and credit card has eventually raised this IT risk.
The control over the network system is failing for the risk generating due to the technological
risk. The banks are continuously under pressure for clearing the customer complaints that
they face due to the technological issue (Cavusoglu et al. 2015).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
AWARENESS OF SECURITY OPERATION
Phishing emails are fraud attempts for obtaining sensitive information such as
username and password of the customer. Phishing is usually have done by the emerging a
link inside the email where the customer has asked to fill a form of the regarding fake
company (Tsohou, Karyda and Kokolakis 2015). Besides, ransomware infection is an
extremely common and rapid growing threat to any type of data file of a financial
organization like Mahindra Bank. The infection is a malware, which locks computer and
prevents using data until customer pay a ransom. All these kind of paying method of ransom
is quite risky. PII information can have exposed or sold on dark web and used to prepare
identity theft. It is one of the major reasons for implementing awareness on cyber threats.
Security awareness should have integrated into the business culture with moderation weekly,
monthly, quarterly, and always keep updated about the customers about the recent problems
and keep up the company’s reputation (Dahbur, Bashabsheh and Bashabsheh 2017).
3. Security Awareness Strategy and Plan
Maintaining a proper security awareness program requires some strategy and plan
required. There should be cultural security team to aware the employees to communicate with
the customer about cyber-threats like phishing attacks, ransomware infection of data and data
breach of PII information. The cultural security team will help to prevent the loss of
capability of banking services that are degrading and putting down the company’s reputation
(Arachchilage and Love 2014). The problem of phishing emails can have tackled by some
trial and error method approach. Employee education, technological enhancement and
process engineering have included among them. To know the employees about the phishing
attackers and aware employees about the kind of phishing attack happening in financial
institutions are making an effort in providing end user education for learning how the security
works.
AWARENESS OF SECURITY OPERATION
Phishing emails are fraud attempts for obtaining sensitive information such as
username and password of the customer. Phishing is usually have done by the emerging a
link inside the email where the customer has asked to fill a form of the regarding fake
company (Tsohou, Karyda and Kokolakis 2015). Besides, ransomware infection is an
extremely common and rapid growing threat to any type of data file of a financial
organization like Mahindra Bank. The infection is a malware, which locks computer and
prevents using data until customer pay a ransom. All these kind of paying method of ransom
is quite risky. PII information can have exposed or sold on dark web and used to prepare
identity theft. It is one of the major reasons for implementing awareness on cyber threats.
Security awareness should have integrated into the business culture with moderation weekly,
monthly, quarterly, and always keep updated about the customers about the recent problems
and keep up the company’s reputation (Dahbur, Bashabsheh and Bashabsheh 2017).
3. Security Awareness Strategy and Plan
Maintaining a proper security awareness program requires some strategy and plan
required. There should be cultural security team to aware the employees to communicate with
the customer about cyber-threats like phishing attacks, ransomware infection of data and data
breach of PII information. The cultural security team will help to prevent the loss of
capability of banking services that are degrading and putting down the company’s reputation
(Arachchilage and Love 2014). The problem of phishing emails can have tackled by some
trial and error method approach. Employee education, technological enhancement and
process engineering have included among them. To know the employees about the phishing
attackers and aware employees about the kind of phishing attack happening in financial
institutions are making an effort in providing end user education for learning how the security
works.
5
AWARENESS OF SECURITY OPERATION
There should be an anti-phishing workgroup in every financial organization to detect
the attackers. An effective effort should be given for resolving these phishing threats by
preventing and detecting phishing email, URLs, and websites. Employees should be trained
properly for stopping phishing attacks (Peltier 2016). Automatic anti-phishing tools should be
implemented for alerting users. Security experts in Mahindra bank are continuously trying to
improve the spam and phishing detecting tools.
3.1 Employee Education
Employee capability and analytical skills for successful recognition of the cyber-
attacks would be extremely effective. The management of Mahindra Bank should start cyber
awareness during their on boarding process of employees (Bada, Sasse and Nurse 2019). A
formal plan should also be created to ensure that the employees are well communicated
regarding cyber threats. Moreover, the employees should be able to conduct evaluations
regarding cyber security. Employee reward system should also be introduced after checking
if every employee is following cyber security plan.
3.2 Software or Technological Enhancement
There are different types of anti-spamming software, which comprise of higher
success rate for effectively detecting and reducing cyber-attacks. The sources should be
blocked and with the help of firewalls. Moreover, the filters would be extremely effective for
spam emails. A financial organization like Mahindra bank needs much more developed
software to prevent those attacks (Konradt, Schilling and Werners 2016). Software
enhancement would be required for up gradation of the hardware and software capabilities.
Such enhancement is needed to ensure performance scalability and client specification.
AWARENESS OF SECURITY OPERATION
There should be an anti-phishing workgroup in every financial organization to detect
the attackers. An effective effort should be given for resolving these phishing threats by
preventing and detecting phishing email, URLs, and websites. Employees should be trained
properly for stopping phishing attacks (Peltier 2016). Automatic anti-phishing tools should be
implemented for alerting users. Security experts in Mahindra bank are continuously trying to
improve the spam and phishing detecting tools.
3.1 Employee Education
Employee capability and analytical skills for successful recognition of the cyber-
attacks would be extremely effective. The management of Mahindra Bank should start cyber
awareness during their on boarding process of employees (Bada, Sasse and Nurse 2019). A
formal plan should also be created to ensure that the employees are well communicated
regarding cyber threats. Moreover, the employees should be able to conduct evaluations
regarding cyber security. Employee reward system should also be introduced after checking
if every employee is following cyber security plan.
3.2 Software or Technological Enhancement
There are different types of anti-spamming software, which comprise of higher
success rate for effectively detecting and reducing cyber-attacks. The sources should be
blocked and with the help of firewalls. Moreover, the filters would be extremely effective for
spam emails. A financial organization like Mahindra bank needs much more developed
software to prevent those attacks (Konradt, Schilling and Werners 2016). Software
enhancement would be required for up gradation of the hardware and software capabilities.
Such enhancement is needed to ensure performance scalability and client specification.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
AWARENESS OF SECURITY OPERATION
3.3 Process Engineering
The subsequent experience gained from cyber-attacks could be helpful for the
employee to execute business processes and also eliminate authentic loophole procedure.
This type of business procedure should be properly engineered in such a manner that such
issues are being reduced without any type of complexity (Wolf and Floyd 2017). Process
engineering can be referred to as proper understanding as well as application of principles for
transforming confidential information.
While keeping track of any known threat, risks and previous attackers help to imagine
what the attacker is going to do in the future. A proper IT infrastructure can have
implemented that will strengthen the network system of the selected organization like
Mahindra Bank that performs daily jobs functions (Slayton 2015). After that, one of the
important things the financial industries have to keep in their mind is how to increase the
overall program Security awareness level. Employees must have implemented a proactive
security mindset. Polytrophic tests or background check of the suspected employee should
have help to detect the fraud.
AWARENESS OF SECURITY OPERATION
3.3 Process Engineering
The subsequent experience gained from cyber-attacks could be helpful for the
employee to execute business processes and also eliminate authentic loophole procedure.
This type of business procedure should be properly engineered in such a manner that such
issues are being reduced without any type of complexity (Wolf and Floyd 2017). Process
engineering can be referred to as proper understanding as well as application of principles for
transforming confidential information.
While keeping track of any known threat, risks and previous attackers help to imagine
what the attacker is going to do in the future. A proper IT infrastructure can have
implemented that will strengthen the network system of the selected organization like
Mahindra Bank that performs daily jobs functions (Slayton 2015). After that, one of the
important things the financial industries have to keep in their mind is how to increase the
overall program Security awareness level. Employees must have implemented a proactive
security mindset. Polytrophic tests or background check of the suspected employee should
have help to detect the fraud.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
AWARENESS OF SECURITY OPERATION
Figure 1: Security Strategy and Plan
(Source: Created by the Author)
4. Methods for Delivery of Security Awareness
After making some strategy and plan, the financial organization’s main concern is
how to deliver those strategies in the security awareness program (Soomro, Shah and Ahmed
2016). The success of the program is dependent upon how they delivered to the employee.
Some delivery methods have reviewed in the report.
4.1 Conventional delivery methods
The most common methodologies of delivering security awareness information
mainly include paper resources. Hence, electronic resources are not effective for this purpose.
A popular example of such conventional delivery method is poster. In these common delivery
methods, posters could be effective for gathering information (Karadag 2015). Several time-
sensitive issues are required for highlighting and reminding people regarding specific actions
that are needed to be undertaken. However, one of the major disadvantage of this poster is
that once a poster has been developed, adaptations are not entertained.
4.2 Instructor-led delivery methods
It is a top-down approach that aims in having a major impact over individual level
after taking help from an expert. One of the advantages of these particular delivery methods
can answer the student questions timely. In this type of delivery, method knowledge has
shared between the professionals of information security and employees. However, this
particular approach assumes that customers are highly knowledgeable about the subject.
Although customers have attracted towards static based delivery method customers may find
it boring (Eggenschwiler, Agrafiotis and Nurse 2016). The success of the delivery methods
AWARENESS OF SECURITY OPERATION
Figure 1: Security Strategy and Plan
(Source: Created by the Author)
4. Methods for Delivery of Security Awareness
After making some strategy and plan, the financial organization’s main concern is
how to deliver those strategies in the security awareness program (Soomro, Shah and Ahmed
2016). The success of the program is dependent upon how they delivered to the employee.
Some delivery methods have reviewed in the report.
4.1 Conventional delivery methods
The most common methodologies of delivering security awareness information
mainly include paper resources. Hence, electronic resources are not effective for this purpose.
A popular example of such conventional delivery method is poster. In these common delivery
methods, posters could be effective for gathering information (Karadag 2015). Several time-
sensitive issues are required for highlighting and reminding people regarding specific actions
that are needed to be undertaken. However, one of the major disadvantage of this poster is
that once a poster has been developed, adaptations are not entertained.
4.2 Instructor-led delivery methods
It is a top-down approach that aims in having a major impact over individual level
after taking help from an expert. One of the advantages of these particular delivery methods
can answer the student questions timely. In this type of delivery, method knowledge has
shared between the professionals of information security and employees. However, this
particular approach assumes that customers are highly knowledgeable about the subject.
Although customers have attracted towards static based delivery method customers may find
it boring (Eggenschwiler, Agrafiotis and Nurse 2016). The success of the delivery methods
8
AWARENESS OF SECURITY OPERATION
depends upon the ability of the customer to take the details effectively and efficiently. This
type of group-based sharing experience and knowledge amongst employees are extremely
important for the organization.
4.3 Online delivery methods
There exist several forms of online delivery system available in the market. The
online delivery system includes e-mail broadcasting, information upload, online
synchronization, blogging, animation as well as multimedia. This kind of delivery method is
for multimedia teaching methods over different geographic areas. Web-based security
awareness training is one type of delivery method of online delivery methods (Safa et al.
2015). For example, WBT based delivery may take the content after inclusion of graphics and
animations. The drawback of the WBT based delivery system is it is very expensive. There
are various kinds of blogs for teaching people for identifying web sites accurately. Several
organizations have developed blogs for educating people for identifying phishing websites
appropriately.
4.4 Video-based delivery methods
As a part of the security awareness program educational video, take an important role
as part of the security awareness program. Classroom trainer not needed for spreading
security awareness. Online video is considered as the only medium, which provides audio
and video-based learning for customers (Sadeh-Koniecpol et al.2017). Influencing feature
makes the online video more effective and efficient, but it is not time-dependent. It depends
upon the user how they manage to use their time. However, they can study independently.
Those are the benefits of the delivery system. Customer can learn from the web-based video,
which is available on the internet. Customer can watch those videos, as much time they want.
The videos may be expensive to buy or watch. Someone can watch those videos countless
times.
AWARENESS OF SECURITY OPERATION
depends upon the ability of the customer to take the details effectively and efficiently. This
type of group-based sharing experience and knowledge amongst employees are extremely
important for the organization.
4.3 Online delivery methods
There exist several forms of online delivery system available in the market. The
online delivery system includes e-mail broadcasting, information upload, online
synchronization, blogging, animation as well as multimedia. This kind of delivery method is
for multimedia teaching methods over different geographic areas. Web-based security
awareness training is one type of delivery method of online delivery methods (Safa et al.
2015). For example, WBT based delivery may take the content after inclusion of graphics and
animations. The drawback of the WBT based delivery system is it is very expensive. There
are various kinds of blogs for teaching people for identifying web sites accurately. Several
organizations have developed blogs for educating people for identifying phishing websites
appropriately.
4.4 Video-based delivery methods
As a part of the security awareness program educational video, take an important role
as part of the security awareness program. Classroom trainer not needed for spreading
security awareness. Online video is considered as the only medium, which provides audio
and video-based learning for customers (Sadeh-Koniecpol et al.2017). Influencing feature
makes the online video more effective and efficient, but it is not time-dependent. It depends
upon the user how they manage to use their time. However, they can study independently.
Those are the benefits of the delivery system. Customer can learn from the web-based video,
which is available on the internet. Customer can watch those videos, as much time they want.
The videos may be expensive to buy or watch. Someone can watch those videos countless
times.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
AWARENESS OF SECURITY OPERATION
4.5 Simulation-based delivery methods
In simulation based delivery method, the customers have sent simulated phishing
emails for testing user’s helplessness by phishing attacks and then end-up with training. In
the end, customers have given the materials that will inform them about the upcoming
phishing attack (Brooks and Rieger 2016). A similar approach called embedded training that
teaches customers about the phishing attacks. Follow-up notification and phishing emails
avoid subsequent phishing attacks than those who have given a pamphlet that contains
information about combat phishing. A study shows that simulation-based and pamphlet-based
delivery models say users using follow-up notification were better able to avoid various kinds
of phishing attacks.
There is also another way of delivering awareness among employees named a game
based delivery system. Awareness could be created through a compact graphics and
advertisement between the game (Gupta, Arachchilage and Psannis 2018).
Figure 2: Different Methods of Delivery
(Source: Created by the Author)
AWARENESS OF SECURITY OPERATION
4.5 Simulation-based delivery methods
In simulation based delivery method, the customers have sent simulated phishing
emails for testing user’s helplessness by phishing attacks and then end-up with training. In
the end, customers have given the materials that will inform them about the upcoming
phishing attack (Brooks and Rieger 2016). A similar approach called embedded training that
teaches customers about the phishing attacks. Follow-up notification and phishing emails
avoid subsequent phishing attacks than those who have given a pamphlet that contains
information about combat phishing. A study shows that simulation-based and pamphlet-based
delivery models say users using follow-up notification were better able to avoid various kinds
of phishing attacks.
There is also another way of delivering awareness among employees named a game
based delivery system. Awareness could be created through a compact graphics and
advertisement between the game (Gupta, Arachchilage and Psannis 2018).
Figure 2: Different Methods of Delivery
(Source: Created by the Author)
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
AWARENESS OF SECURITY OPERATION
5. Threats and Discussion
Phishing can be referred to as a fraudulent attempt that is being used for stealing
confidential information of users, like credit card and debit card details. The modern world
thinks that emails are the best modes of communication for any type of data sharing. At the
same time, the illegal business market is growing through a phishing email. Various kinds of
automated software tools have used to reach out the end-users for phishing (Zhao, An and
Kiekintveld 2016). These phishing tools are extremely effective for easier fixation the
duration and frequency of the attack. A phishing email is hiding the source of the mail or
hiding the main content of an important mail. Email spoofer Bulk Mailer is one of that main
phishing mail tool.
Phishing mainly relies on the deception, in which attackers can hide as other person
and is checked on the basis of human level relationships with their target. They even try to
disclose the information (Konradt, Schilling and Werners 2016). While classifying the target
vector, the employee should have looked into the problem through both social and
technological aspect. A phishing attack comprises of three major types of luring, hooking and
catching.
5.1 The lure
It is an email message, which appears from the lawful financial organization like
Mahindra bank where a message comprises of a link to catch the attention of the customer.
Some URL often hides the hook and hence the user does not any idea regarding this issue
(Filkins 2017).
AWARENESS OF SECURITY OPERATION
5. Threats and Discussion
Phishing can be referred to as a fraudulent attempt that is being used for stealing
confidential information of users, like credit card and debit card details. The modern world
thinks that emails are the best modes of communication for any type of data sharing. At the
same time, the illegal business market is growing through a phishing email. Various kinds of
automated software tools have used to reach out the end-users for phishing (Zhao, An and
Kiekintveld 2016). These phishing tools are extremely effective for easier fixation the
duration and frequency of the attack. A phishing email is hiding the source of the mail or
hiding the main content of an important mail. Email spoofer Bulk Mailer is one of that main
phishing mail tool.
Phishing mainly relies on the deception, in which attackers can hide as other person
and is checked on the basis of human level relationships with their target. They even try to
disclose the information (Konradt, Schilling and Werners 2016). While classifying the target
vector, the employee should have looked into the problem through both social and
technological aspect. A phishing attack comprises of three major types of luring, hooking and
catching.
5.1 The lure
It is an email message, which appears from the lawful financial organization like
Mahindra bank where a message comprises of a link to catch the attention of the customer.
Some URL often hides the hook and hence the user does not any idea regarding this issue
(Filkins 2017).
11
AWARENESS OF SECURITY OPERATION
5.2 The hook
The hook can be termed as a website, which copies the respective site of a legal
organization that the victim is willing to disclose confidential data (Tirumala, Sathu and
Naidu 2015).
5.3 The catch
The third type is catch, in which phisher makes use of all types of collected data.
Phishing attack covers a diverse range of techniques, which are spear phishing, clone
phishing and finally malware based phishing.
In a spear phishing email, the respective individual groups are being targeted apart
from a random user or group. In this kind of phishing, the attacker researches about their
potential victim and settings within the victim’s computer (Saleem and Hammoudeh 2018).
Clone phishing, on the other hand, a previously delivered lawful email is being used for
cloning a malicious email. This kind of phishing attack involves key loggers and screen
grabbers. Malware-based phishing is the type of phishing attack, in which malware is being
introduced within the mail for hacking confidential information.
The computer is being used for further phishing attack. Mahindra Bank, being a
popular bank, should understand each and every aspect related to phishing attack. It is the
fraudulent utilization of different electronic communications for deceiving and taking
advantage of users. Such attacks attempt in gaining confidential data like network credentials,
usernames, passwords or even credit card and debit card details (Pendleton et al. 2017). The
financial data of the bank’s customers could be stolen by the cyber attackers by manipulating
victims into clicking over a malicious attachment or link. Organizational network is being
accessed by the attackers for the core purpose of committing such fraud activities. Phishing
AWARENESS OF SECURITY OPERATION
5.2 The hook
The hook can be termed as a website, which copies the respective site of a legal
organization that the victim is willing to disclose confidential data (Tirumala, Sathu and
Naidu 2015).
5.3 The catch
The third type is catch, in which phisher makes use of all types of collected data.
Phishing attack covers a diverse range of techniques, which are spear phishing, clone
phishing and finally malware based phishing.
In a spear phishing email, the respective individual groups are being targeted apart
from a random user or group. In this kind of phishing, the attacker researches about their
potential victim and settings within the victim’s computer (Saleem and Hammoudeh 2018).
Clone phishing, on the other hand, a previously delivered lawful email is being used for
cloning a malicious email. This kind of phishing attack involves key loggers and screen
grabbers. Malware-based phishing is the type of phishing attack, in which malware is being
introduced within the mail for hacking confidential information.
The computer is being used for further phishing attack. Mahindra Bank, being a
popular bank, should understand each and every aspect related to phishing attack. It is the
fraudulent utilization of different electronic communications for deceiving and taking
advantage of users. Such attacks attempt in gaining confidential data like network credentials,
usernames, passwords or even credit card and debit card details (Pendleton et al. 2017). The
financial data of the bank’s customers could be stolen by the cyber attackers by manipulating
victims into clicking over a malicious attachment or link. Organizational network is being
accessed by the attackers for the core purpose of committing such fraud activities. Phishing
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 18
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.