Phishing Attack: Types, Technical Tricks, and Countermeasures

Added on 2023/06/15

Running head: PHISHING ATTACK
PHISHING ATTACK
Name of the Student
Name of the University
Author Note

Table of Contents
Introduction
Problem description
Technical tricks
Types of Phishing
Defense
Phishing countermeasures
Conclusion
Bibliography
Introduction
Phishing can be defined as a form of fraud in which the attacker masquerades as a
reputable entity or person, typically by email but also through other communication
channels. The central idea is that the attacker uses phishing emails to distribute
attachments and malicious links that can perform a variety of functions, including
extracting the user's login details or account information1. Phishing is a popular
cybercrime because it is very easy to trick someone into clicking a malicious link in an
email that appears legitimate. Once that has happened, the attackers try to break through
the defenses of the computer.
The main aim of this report is to explain the term phishing and the field in which it
operates. The focus is on the nature of the problem and on the defensive measures that can
be applied to it. Since the activity belongs to the domain of cyber criminals, defending
against it and keeping users safe from it should be treated as a high priority.
Problem description
Phishing relies largely on the attackers posing as some other person. It is built on a
human-level relationship and reputation with a target from whom the attacker is trying to
extract information. There is some dispute over whether phishing should be treated as a
social-science problem, since the attacker applies social tools to exploit the victims.
The counter-argument is that it also requires technical knowledge of the system used by
the victim2. Evading the security measures while making the message look highly credible,
in order to gain the user's attention, is part of the craft. To classify the attack
vectors, the problem can therefore be defined from both a social-engineering and a
technical perspective.
1 Marforio, Claudio, et al. "Personalized security indicators to detect application phishing attacks in mobile platforms." arXiv preprint arXiv:1502.06824 (2015).
2 Weaver, Greg, Allen Furr, and Robert Norton. "Deception of Phishing: Studying the Techniques of Social Engineering by Analyzing Modern-day Phishing Attacks on Universities." (2016).
The lure is most commonly an email message that appears to come from a legitimate
organization, for example a bank or an internet service provider. The message usually
contains links intended to hook the victim; the hook is hidden by obfuscating the URL.
The hook is a basic website that mimics the site of the legitimate institution to which
the victim (the "phish") is willing to give confidential information.
The catch is the use made of the information collected through this process3.
Technical tricks
A phishing activity typically involves a few basic steps that can be referred to as
technical tricks. They are used to make the message more convincing to the user. Steps
that may be incorporated are:
Use of trademarks, images and logos associated with an organization, so that the user
feels the message comes from an authenticated person or organization.
In some cases the email itself advises the user not to click on email links. This makes
the message look more authentic, and the user is then all the more inclined to click the
embedded links.
URL encoding and hiding.
The user is more likely to click if the message appears to originate from someone the
user knows 4.
3 Abdelhamid, Neda, Aladdin Ayesh, and Fadi Thabtah. "Phishing detection based associative classification data mining." Expert Systems with Applications 41.13 (2014): 5948-5959.
Types of Phishing
Spear phishing: one of the most troubling developments is spear phishing. It refers to
emails targeted at particular groups or users rather than spammed at random users. Spear
phishing is generally preceded by the attacker researching the setting and the potential
victim. The attacker then sends a message that appears to come exactly from a legitimate
source. Spear phishing aimed at corporate executives or government officials is also
known as "whaling".
Clone phishing: in clone phishing, a previously delivered email from a legitimate sender
is used as the template for the malicious email. The malicious email contains a link that
redirects to the phisher's website. Such links are mostly obfuscated, either by
substituting similar-looking characters, such as zero (0) for the capital letter O, or by
using Unicode/UTF-8 characters encoded as escape sequences.
Malware-based phishing: malware phishing is an attack that results in malicious software
being installed and run on the user's computer. Generally the malware is introduced into
the system through a downloadable link. In a phishing attack the malware typically
includes screen grabbers, key loggers and spyware whose main goal is to capture and log
the keyboard input on the victim's computer 5.
4 Arachchilage, Nalin Asanka Gamagedara, and Steve Love. "A game design framework for avoiding phishing
attacks." Computers in Human Behavior 29.3 (2013): 706-714.
5 Wright, Ryan T., et al. "Research Note—Influence Techniques in Phishing Attacks: An Examination of
Vulnerability and Resistance." Information systems research 25.2 (2014): 385-400.
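The URL tricks named above (percent-encoding, lookalike characters such as zero for the letter O, and Unicode characters that resemble ASCII letters) can be checked mechanically on the defender's side before a link reaches a user. The following Python is an added example, not code from the report or from any of the cited works. It assumes a small constructed confusable table, a toy "last two labels" approximation of the registrable domain, and the constructed trusted domain examplebank.com with constructed sample links. It goes slightly beyond the report's list by also flagging a trusted name embedded as a subdomain of a different domain and punycode (xn--) labels, both standard checks in mail-filter link analysis.

```python
import unicodedata
from urllib.parse import unquote, urlsplit

# Toy confusable table mapping characters that are often swapped into lookalike
# hostnames onto a common skeleton form. It is an assumption for this example;
# a production checker would use the Unicode confusables data (UTS #39).
CONFUSABLE_CHARS = str.maketrans({
    "0": "o", "1": "l", "i": "l", "3": "e", "5": "s", "8": "b",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic lookalikes
})
CONFUSABLE_PAIRS = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def host_skeleton(host: str) -> str:
    """Collapse a hostname so that visually similar spellings compare equal."""
    folded = unicodedata.normalize("NFKC", host).lower()  # fold fullwidth/compat forms
    skeleton = folded.translate(CONFUSABLE_CHARS)
    for pair, single in CONFUSABLE_PAIRS:
        skeleton = skeleton.replace(pair, single)
    return skeleton


def registrable_part(host: str) -> str:
    """Last two labels of the host. This approximates the registrable domain and is
    an assumption for the example (real code would consult the public suffix list)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def analyze_url(url: str, trusted_domains) -> list[str]:
    """Return human-readable findings for one URL; an empty list means nothing noticed."""
    findings = []
    raw_host = urlsplit(url).hostname or ""  # lowercased; percent-encoding is preserved
    if "%" in raw_host:
        findings.append("percent-encoded characters in hostname")
    host = unquote(raw_host)  # the name the browser will actually resolve
    if any(ord(ch) > 127 for ch in host):
        findings.append("non-ASCII characters in hostname")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (xn--) label in hostname")
    reg = registrable_part(host)
    for trusted in (t.lower() for t in trusted_domains):
        if reg == trusted:
            continue  # the trusted domain itself, or one of its subdomains
        if trusted in host:
            findings.append(f"trusted name {trusted} embedded in another domain")
        elif host_skeleton(reg) == host_skeleton(trusted):
            findings.append(f"lookalike of trusted domain {trusted}")
    return findings


if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from a suspicious email.
    trusted = ["examplebank.com"]
    samples = [
        "https://login.examplebank.com/account",
        "http://examp1ebank.com/login",
        "http://examp%6cebank.com/login",
        "http://\u0435xamplebank.com/login",
        "http://examplebank.com.login-verify.example/",
    ]
    for link in samples:
        print(link, "->", analyze_url(link, trusted) or "ok")
```

The skeleton comparison is deliberately applied only to the registrable part, so a legitimate subdomain of the trusted name is never reported while a whole-domain lookalike is. Findings are meant to feed a quarantine or rewrite decision in the mail filter rather than to block outright, since NFKC folding and the toy table will produce some false positives on unusual but honest domains.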
Defense
It is believed that the phishing problem has to be tackled directly with a heuristic
approach. That approach may include technical enhancement, user education and process
engineering.
Technical enhancement: various anti-spam software products are available on the market
and are claimed to filter spam messages with a high success rate. In reality, such
software will readily filter crude fraud such as "Nigeria prince scams" but lets the more
sophisticated phishing craft through 6. Filters and firewalls may be effective in
controlling fraudulent communication from a fixed source; this can be handled by blocking
the source and maintaining a blacklist, but the modern phishing environment is far more
complicated than that.
User education: user training and education is considered essential, given the skill
level of users and their ability to use any electronic communication channel. It should
be borne in mind that a phishing attack is at its most effective during its first few
hours. Since phishing attacks normally target multiple users, whether at the same
location or at different ones, sharing knowledge of the attack and of how it was carried
out should be part of the program.
Process engineering: the business can be fine-tuned using what is learnt about the
attack 7. The business process should be engineered so that appropriate checks and
balances are in place and the user's informed judgment is preserved 8.
6 Marforio, Claudio, et al. "Hardened setup of personalized security indicators to counter phishing attacks in mobile banking." Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2016.
7 Weaver, Greg, Allen Furr, and Robert Norton. "Deception of Phishing: Studying the Techniques of Social Engineering by Analyzing Modern-day Phishing Attacks on Universities." (2016).
Phishing countermeasures
There is no silver bullet for the problems related to phishing. Phishing countermeasures
can be categorized into two parts, client-side tools and server-side protection, with the
role of other players considered separately.
Client side tools
o Password management: users usually select passwords that are very easy to retrieve.
Users should be encouraged to use a different password for each site and to manage them
with a password-protection system. Then, if the login credentials for a single site are
captured, the damage is limited 9.
o Electronic communication filtering: electronic filtering should be adopted to screen
the content of the data exchanged on the corporate network. Encryption of that data
should be mandatory practice in order to ensure security.
Server side protection
o Authentication procedures: the single-factor server authentication scheme needs to be
replaced with two-factor authentication10. The decision on which scheme to adopt is taken
on the basis of cost effectiveness. It should be kept in mind that there are risks
associated with intrusive security procedures, which may alienate users. These procedures
should be revised and renewed frequently to keep pace with anti-security research and
with the development of the industry.
8 Wu, Longfei, Xiaojiang Du, and Jie Wu. "Effective defense schemes for phishing attacks on mobile computing platforms." IEEE Transactions on Vehicular Technology 65.8 (2016): 6678-6691.
9 Jensen, Matthew L., et al. "Training to Mitigate Phishing Attacks Using Mindfulness Techniques." Journal of Management Information Systems 34.2 (2017): 597-626.
10 Gupta, B. B., et al. "Fighting against phishing attacks: state of the art and future challenges." Neural Computing and Applications 28.12 (2017): 3629-3654.
Other players
In recent times there has been a huge increase in the number of security researchers 11.
Organizations are strongly advised to keep pace with this community and to report
incidents. This well-informed community plays a very vital role in the prevention and
detection of suspicious activity. Once a phishing attack is exposed, the affected company
or organization should contact its customers and stakeholders and inform them about the
fraud12.
Conclusion
The report can be concluded by noting that phishing attacks play a major part in the
field of advanced network security. The direct effect of an attack may fall on an
individual or on an organization. Phishing can never be eradicated, but preventive
measures can decrease the overall effect of an attack. User education remains one of the
most important factors in conveying the necessary security details. The organizations that
provide the basic services also have a role to play.
11 Weaver, Greg, Allen Furr, and Robert Norton. "Deception of Phishing: Studying the Techniques of Social
Engineering by Analyzing Modern-day Phishing Attacks on Universities." (2016).
12 Weaver, Greg, Allen Furr, and Robert Norton. "Deception of Phishing: Studying the Techniques of Social
Engineering by Analyzing Modern-day Phishing Attacks on Universities." (2016).
Bibliography
Abdelhamid, Neda, Aladdin Ayesh, and Fadi Thabtah. "Phishing detection based associative
classification data mining." Expert Systems with Applications 41.13 (2014): 5948-5959.
Arachchilage, Nalin Asanka Gamagedara, and Steve Love. "A game design framework for
avoiding phishing attacks." Computers in Human Behavior 29.3 (2013): 706-714.
Gupta, B. B., et al. "Fighting against phishing attacks: state of the art and future
challenges." Neural Computing and Applications 28.12 (2017): 3629-3654.
Marforio, Claudio, et al. "Hardened setup of personalized security indicators to counter
phishing attacks in mobile banking." Proceedings of the 6th Workshop on Security and
Privacy in Smartphones and Mobile Devices. ACM, 2016.
Marforio, Claudio, et al. "Personalized security indicators to detect application phishing
attacks in mobile platforms." arXiv preprint arXiv:1502.06824 (2015).
Vidas, Timothy, et al. "QRishing: The susceptibility of smartphone users to QR code
phishing attacks." International Conference on Financial Cryptography and Data Security.
Springer, Berlin, Heidelberg, 2013.
Weaver, Greg, Allen Furr, and Robert Norton. "Deception of Phishing: Studying the
Techniques of Social Engineering by Analyzing Modern-day Phishing Attacks on
Universities." (2016).
Wright, Ryan T., et al. "Research Note—Influence Techniques in Phishing Attacks: An
Examination of Vulnerability and Resistance." Information systems research 25.2 (2014):
385-400.
Wu, Longfei, Xiaojiang Du, and Jie Wu. "Effective defense schemes for phishing attacks on
mobile computing platforms." IEEE Transactions on Vehicular Technology 65.8 (2016):
6678-6691.