CC3101 Coursework: Investigating Phishing Attacks and Defense Measures
VerifiedAdded on 2023/06/11
|10
|2206
|112
Report
AI Summary
This report provides a detailed analysis of phishing attacks, including spear phishing, and explores how cybercriminals use social media to launch these attacks. It examines the techniques and strategies employed by cybercriminals to gather login details and other sensitive information, as well as the effects of phishing attacks on individuals and companies. The report also outlines defense strategies for both individuals and companies, including measures like password protection, keeping systems updated, and implementing robust security policies. The study emphasizes the importance of cybersecurity awareness and proactive measures to mitigate the risks associated with phishing attacks. Desklib provides access to this and other solved assignments.
Cyber-Security and its
dimensions
dimensions
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
INTRODUCTION ..........................................................................................................................3
TASK ..............................................................................................................................................3
SECTION 1- : Research into Phishing Attacks...............................................................................3
What is phishing and spear phishing?.........................................................................................3
How is spear phishing used to target victims?............................................................................3
How do cyber criminals use social media to launch phishing attacks?......................................3
What techniques or strategies are used by cyber criminals when using phishing to gather log-
in details or other information?...................................................................................................3
What effects do phishing attacks have on individuals and companies?......................................3
SECTION 2- Defence against Phishing Attacks.............................................................................3
How do individuals protect themselves from phishing attacks, what measures do they need to
take to protect themselves?.........................................................................................................3
How do companies defend themselves against phishing attacks, what methods do they use.....3
CONCLUSION ...............................................................................................................................4
REFERENCES................................................................................................................................5
INTRODUCTION ..........................................................................................................................3
TASK ..............................................................................................................................................3
SECTION 1- : Research into Phishing Attacks...............................................................................3
What is phishing and spear phishing?.........................................................................................3
How is spear phishing used to target victims?............................................................................3
How do cyber criminals use social media to launch phishing attacks?......................................3
What techniques or strategies are used by cyber criminals when using phishing to gather log-
in details or other information?...................................................................................................3
What effects do phishing attacks have on individuals and companies?......................................3
SECTION 2- Defence against Phishing Attacks.............................................................................3
How do individuals protect themselves from phishing attacks, what measures do they need to
take to protect themselves?.........................................................................................................3
How do companies defend themselves against phishing attacks, what methods do they use.....3
CONCLUSION ...............................................................................................................................4
REFERENCES................................................................................................................................5
INTRODUCTION
Cyber-Security is a major concern for the individuals and organisations which can impact
on the functioning. In the recent times, major cyber attacks like phishing, malware, spyware and
malware are increasing which is demanding for cyber security based development (Furnell,
Fischer, and Finch, 2017). In order to deal with the cyber-security issues, it is important for a
business for a business to hire IT experts and professionals in order to deal with major
consequences and challenges. In this report there is a brief explanation of various cyber security
issues like phishing and measures to deal with them. This report concludes key importance of
strategic and planning framework in order to make the IT projects successful.
Cyber-Security is a major concern for the individuals and organisations which can impact
on the functioning. In the recent times, major cyber attacks like phishing, malware, spyware and
malware are increasing which is demanding for cyber security based development (Furnell,
Fischer, and Finch, 2017). In order to deal with the cyber-security issues, it is important for a
business for a business to hire IT experts and professionals in order to deal with major
consequences and challenges. In this report there is a brief explanation of various cyber security
issues like phishing and measures to deal with them. This report concludes key importance of
strategic and planning framework in order to make the IT projects successful.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
TASK
SECTION 1- : Research into Phishing Attacks
What is phishing and spear phishing
Phishing is a type of cyber attack which is done to steal money of a person in the digital
form. The phishing also includes revealing of personal information like credit card information,
bank information and other relevant information.
The spear phishing is considered as the fraudulent practice of sending emails ostensibly
from a known or trusted sender in order to induce targeted individuals to reveal confidential
information.
How is spear phishing used to target victims
The spear phishing is considered as key approach which is performed as a cyber attack to
steal crucial information (Khisamova, Begishev, and Sidorenko, 2019). In the recent times, spear
phishing attacks victims directly and achieve the precise information and black mailing them.
SECTION 1- : Research into Phishing Attacks
What is phishing and spear phishing
Phishing is a type of cyber attack which is done to steal money of a person in the digital
form. The phishing also includes revealing of personal information like credit card information,
bank information and other relevant information.
The spear phishing is considered as the fraudulent practice of sending emails ostensibly
from a known or trusted sender in order to induce targeted individuals to reveal confidential
information.
How is spear phishing used to target victims
The spear phishing is considered as key approach which is performed as a cyber attack to
steal crucial information (Khisamova, Begishev, and Sidorenko, 2019). In the recent times, spear
phishing attacks victims directly and achieve the precise information and black mailing them.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
How do cyber criminals use social media to launch phishing attacks
Phishing attack is defined as the social engineering attack that is performed by the cyber
criminals to steal user data that includes credit card number and login credentials for unethical
purpose. Cybercrime has become the powerful tool for the criminals to steal personal
information and extort money. Speed, convenience and anonymity of internet enabled criminals
to launch attack with little efforts. Phishing become the most common form of cyberattack due to
its simplicity and effectiveness. There are various phishing attacks such as email phishing, spear
phishing, whaling, smishing and vishing as well as angle phishing that impact an individual in
negative manner. Cyber criminals use social media for conducting or launching phishing attack.
Now these days, most of people are active on the various social media platforms such as
Facebook, Instagram, Twitter and others so, cyber criminals use these platforms to gain full
information of user and organisation to create target spare phishing campaigns in order to hijack
accounts, damage reputation of organisation as well as gain access of business networks
(Kimani, Oduol, and Langat, 2019). Cyber criminals use different social media sites for
accessing personal and professional information regarding an individual such as age, email
address, location, job title and social activities. Gaining all these data and information helps
hackers to launch highly targeted as well as personalised phishing attack. There are various
personal posts on social media, attackers use personal conversation and information for
launching the phishing attack that impact negatively on an individual.
What techniques or strategies are used by cyber criminals when using phishing to gather log-in
details or other information
There are various techniques and strategies are used by the cyber criminals during the phishing
attack to get login and other personal information that creates negative impact on an individual.
These techniques are explained below: Covid-19 specific phishing: Cyber criminals take advantages of topical trends as well as
fear in the wider marketplace in order to access sensitive details. In the pandemic, the
activities of phishing attack are raised. Criminals twisting existing forms of cybercrime to
suit the narrative of pandemic. Emails and phone calls for vaccination are used to get
information for unethical purpose.
Phishing attack is defined as the social engineering attack that is performed by the cyber
criminals to steal user data that includes credit card number and login credentials for unethical
purpose. Cybercrime has become the powerful tool for the criminals to steal personal
information and extort money. Speed, convenience and anonymity of internet enabled criminals
to launch attack with little efforts. Phishing become the most common form of cyberattack due to
its simplicity and effectiveness. There are various phishing attacks such as email phishing, spear
phishing, whaling, smishing and vishing as well as angle phishing that impact an individual in
negative manner. Cyber criminals use social media for conducting or launching phishing attack.
Now these days, most of people are active on the various social media platforms such as
Facebook, Instagram, Twitter and others so, cyber criminals use these platforms to gain full
information of user and organisation to create target spare phishing campaigns in order to hijack
accounts, damage reputation of organisation as well as gain access of business networks
(Kimani, Oduol, and Langat, 2019). Cyber criminals use different social media sites for
accessing personal and professional information regarding an individual such as age, email
address, location, job title and social activities. Gaining all these data and information helps
hackers to launch highly targeted as well as personalised phishing attack. There are various
personal posts on social media, attackers use personal conversation and information for
launching the phishing attack that impact negatively on an individual.
What techniques or strategies are used by cyber criminals when using phishing to gather log-in
details or other information
There are various techniques and strategies are used by the cyber criminals during the phishing
attack to get login and other personal information that creates negative impact on an individual.
These techniques are explained below: Covid-19 specific phishing: Cyber criminals take advantages of topical trends as well as
fear in the wider marketplace in order to access sensitive details. In the pandemic, the
activities of phishing attack are raised. Criminals twisting existing forms of cybercrime to
suit the narrative of pandemic. Emails and phone calls for vaccination are used to get
information for unethical purpose.
Business email compromise: Business email compromise attacks are raising because
more people are working through digital platform. Various organisations are shifting
towards remote working environment so, teams are spending more information and
relative data through email boxes (Lezzi, Lazoi, and Corallo, 2018). Cyber criminals hack
these emails to get information and use it in negative manner that impact on
organisational reputation.
Credential stuffing: It is another technique that is used by the cyber criminals for gaining
login and other information for launching phishing attack. In this technique, cyber
attackers testing millions of emails and passwords combination on various sites in the
hope that details that work on one website also work on another one. In the duration of
pandemic various when almost activities are done through online modes than massive
digital activities are raised. Remote working employees also reusing password on
multiple platforms that helps criminals to get information for phishing attack.
What effects do phishing attacks have on individuals and companies
Phishing can be described as an attack made by a person for purpose of stealing money
and identify of a person by revealing their personal information like bank information,
passwords, credit card numbers and other things on website by pretending to be as legitimate.
There are various cyber criminals which pretend themselves as reputable companies,
acquaintances or friends to fake message a person in order to link to phishing website which can
impact on company (Mahdavifar, and Ghorbani, 2019). The main effect of phishing attack is it
steals crucial information related to the database of a user and company.
Spear phishing can be targeted and personalised for specific individual, organisation and
group. It is using potent variant of phishing, malicious tactics that consist use of emails, instance
messaging, social media as well as other user in order to divulge various personal information
and perform action. It results in data loss, financial loss as well as network compromise. It can be
relay on different shotgun method which helps to deliver mass emails to random individual who
spear phishing. It focus on targets and also consist prior research. The spear phishing attack also
creates major obstacles for company and individuals by stealing major data.
more people are working through digital platform. Various organisations are shifting
towards remote working environment so, teams are spending more information and
relative data through email boxes (Lezzi, Lazoi, and Corallo, 2018). Cyber criminals hack
these emails to get information and use it in negative manner that impact on
organisational reputation.
Credential stuffing: It is another technique that is used by the cyber criminals for gaining
login and other information for launching phishing attack. In this technique, cyber
attackers testing millions of emails and passwords combination on various sites in the
hope that details that work on one website also work on another one. In the duration of
pandemic various when almost activities are done through online modes than massive
digital activities are raised. Remote working employees also reusing password on
multiple platforms that helps criminals to get information for phishing attack.
What effects do phishing attacks have on individuals and companies
Phishing can be described as an attack made by a person for purpose of stealing money
and identify of a person by revealing their personal information like bank information,
passwords, credit card numbers and other things on website by pretending to be as legitimate.
There are various cyber criminals which pretend themselves as reputable companies,
acquaintances or friends to fake message a person in order to link to phishing website which can
impact on company (Mahdavifar, and Ghorbani, 2019). The main effect of phishing attack is it
steals crucial information related to the database of a user and company.
Spear phishing can be targeted and personalised for specific individual, organisation and
group. It is using potent variant of phishing, malicious tactics that consist use of emails, instance
messaging, social media as well as other user in order to divulge various personal information
and perform action. It results in data loss, financial loss as well as network compromise. It can be
relay on different shotgun method which helps to deliver mass emails to random individual who
spear phishing. It focus on targets and also consist prior research. The spear phishing attack also
creates major obstacles for company and individuals by stealing major data.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
SECTION 2- Defence against Phishing Attacks
How do individuals protect themselves from phishing attacks, what measures do they need to
take to protect themselves?
Individuals need to take care of themselves with phishing attacks and protect them also from
these varied attacks. There are some measures that need to be taken for protecting themselves
from all these phishing attacks happening, these measures can be described as follows:
No sharing of passwords: people should never share their passwords with anyone and
never save their passwords with and on any sites (Teoh, and Mahmood, 2017). This
gives them a chance of phishing attack, and that a can even lead to leaking of personal
information and any other relevant data and information can be leaked and can be take
complete advantage of it.
Keeping gadgets free from spams and viruses: another way to keep out of phishing
attack is keep gadgets free from spams and viruses. Anything and any link that are
suspicious should be clicked or opened and should always be avoided for any further
issues and problems.
Keeping browsers up to date: the other method is to keep browsers and all operating
functions updated and of complete use for individuals (Srinivas, Das, and Kumar, 2019).
This will avoid the issues that can arise from phishing attacks.
Not sharing anything personal: individuals should never update or post or share
anything or any personal information on any site. If there is a leak in personal
information it can create many problems and issues for that person, so to avoid this there
should not be any sharing of personal information.
How do individuals protect themselves from phishing attacks, what measures do they need to
take to protect themselves?
Individuals need to take care of themselves with phishing attacks and protect them also from
these varied attacks. There are some measures that need to be taken for protecting themselves
from all these phishing attacks happening, these measures can be described as follows:
No sharing of passwords: people should never share their passwords with anyone and
never save their passwords with and on any sites (Teoh, and Mahmood, 2017). This
gives them a chance of phishing attack, and that a can even lead to leaking of personal
information and any other relevant data and information can be leaked and can be take
complete advantage of it.
Keeping gadgets free from spams and viruses: another way to keep out of phishing
attack is keep gadgets free from spams and viruses. Anything and any link that are
suspicious should be clicked or opened and should always be avoided for any further
issues and problems.
Keeping browsers up to date: the other method is to keep browsers and all operating
functions updated and of complete use for individuals (Srinivas, Das, and Kumar, 2019).
This will avoid the issues that can arise from phishing attacks.
Not sharing anything personal: individuals should never update or post or share
anything or any personal information on any site. If there is a leak in personal
information it can create many problems and issues for that person, so to avoid this there
should not be any sharing of personal information.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
How do companies defend themselves against phishing attacks, what methods do they use
Companies need to take a good care of their all relevant and personal information. There
should not be any lacking in their policies that can lead or stuck them in various other phishing
attacks or any computing problems in future. To avoid these, companies can opt for various
methods and ways. These are explained as follows:
Trust worthy employees: companies should build and have only trust worthy and
complete trusting and honest employees working for them. This will enable them to
protect them from phishing attacks as there will be no leakage in companies' personal
information.
Identity protection systems: Companies should opt for all security and protection
systems for its employees and all other staff members (von Solms, and von Solms,
2018). Companies should opt for all security and protection systems for its employees
and all other staff members. there should identity cards and identity prints for every
employee and staff member working for the entity.
Web filter to block malicious website: there should a different operating team for
checking and blocking malicious website or the websites that can harm the operating and
working of organization and even can result in phishing attacks for the enterprise.
Security policies: there should be numerous and effective security policies, rules and
regulations for all employees and members so that they cannot cheat or be dishonest with
the company and organisation. these security policies opt will help organisations in
avoiding future phishing attacks on companies.
Companies need to take a good care of their all relevant and personal information. There
should not be any lacking in their policies that can lead or stuck them in various other phishing
attacks or any computing problems in future. To avoid these, companies can opt for various
methods and ways. These are explained as follows:
Trust worthy employees: companies should build and have only trust worthy and
complete trusting and honest employees working for them. This will enable them to
protect them from phishing attacks as there will be no leakage in companies' personal
information.
Identity protection systems: Companies should opt for all security and protection
systems for its employees and all other staff members (von Solms, and von Solms,
2018). Companies should opt for all security and protection systems for its employees
and all other staff members. there should identity cards and identity prints for every
employee and staff member working for the entity.
Web filter to block malicious website: there should a different operating team for
checking and blocking malicious website or the websites that can harm the operating and
working of organization and even can result in phishing attacks for the enterprise.
Security policies: there should be numerous and effective security policies, rules and
regulations for all employees and members so that they cannot cheat or be dishonest with
the company and organisation. these security policies opt will help organisations in
avoiding future phishing attacks on companies.
CONCLUSION
From the above stated report it can be concluded that cyber-security is a major issue
which should be handled by an individual. This project concludes key role of IT experts in order
to lead the marketplace in a set period of time. Major rules and regulations related to cyber-
security should be followed by a business entity in order to gain effectiveness in key operations.
This project also concludes that in order to stop phishing attacks, it is important for the
companies and individuals to implement cyber laws.
From the above stated report it can be concluded that cyber-security is a major issue
which should be handled by an individual. This project concludes key role of IT experts in order
to lead the marketplace in a set period of time. Major rules and regulations related to cyber-
security should be followed by a business entity in order to gain effectiveness in key operations.
This project also concludes that in order to stop phishing attacks, it is important for the
companies and individuals to implement cyber laws.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
REFERENCES
Books and Journals``
Furnell, S., Fischer, P. and Finch, A., 2017. Can't get the staff? The growing need for cyber-
security skills. Computer Fraud & Security, 2017(2), pp.5-10.
Gupta, B.B. ed., 2018. Computer and cyber security: principles, algorithm, applications, and
perspectives. CRC Press.
Khisamova, Z.I., Begishev, I.R. and Sidorenko, E.L., 2019. Artificial intelligence and problems
of ensuring cyber security. International Journal of Cyber Criminology, 13(2), pp.564-577.
Kimani, K., Oduol, V. and Langat, K., 2019. Cyber security challenges for IoT-based smart grid
networks. International Journal of Critical Infrastructure Protection, 25, pp.36-49.
Lezzi, M., Lazoi, M. and Corallo, A., 2018. Cybersecurity for Industry 4.0 in the current
literature: A reference framework. Computers in Industry, 103, pp.97-110.
Mahdavifar, S. and Ghorbani, A.A., 2019. Application of deep learning to cybersecurity: A
survey. Neurocomputing, 347, pp.149-176.
Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security:
Framework, standards and recommendations. Future Generation Computer Systems, 92, pp.178-
188.
Teoh, C.S. and Mahmood, A.K., 2017, July. National cyber security strategies for digital
economy. In 2017 International Conference on Research and Innovation in Information Systems
(ICRIIS) (pp. 1-6). IEEE.
von Solms, B. and von Solms, R., 2018. Cybersecurity and information security–what goes
where?. Information & Computer Security.
Books and Journals``
Furnell, S., Fischer, P. and Finch, A., 2017. Can't get the staff? The growing need for cyber-
security skills. Computer Fraud & Security, 2017(2), pp.5-10.
Gupta, B.B. ed., 2018. Computer and cyber security: principles, algorithm, applications, and
perspectives. CRC Press.
Khisamova, Z.I., Begishev, I.R. and Sidorenko, E.L., 2019. Artificial intelligence and problems
of ensuring cyber security. International Journal of Cyber Criminology, 13(2), pp.564-577.
Kimani, K., Oduol, V. and Langat, K., 2019. Cyber security challenges for IoT-based smart grid
networks. International Journal of Critical Infrastructure Protection, 25, pp.36-49.
Lezzi, M., Lazoi, M. and Corallo, A., 2018. Cybersecurity for Industry 4.0 in the current
literature: A reference framework. Computers in Industry, 103, pp.97-110.
Mahdavifar, S. and Ghorbani, A.A., 2019. Application of deep learning to cybersecurity: A
survey. Neurocomputing, 347, pp.149-176.
Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security:
Framework, standards and recommendations. Future Generation Computer Systems, 92, pp.178-
188.
Teoh, C.S. and Mahmood, A.K., 2017, July. National cyber security strategies for digital
economy. In 2017 International Conference on Research and Innovation in Information Systems
(ICRIIS) (pp. 1-6). IEEE.
von Solms, B. and von Solms, R., 2018. Cybersecurity and information security–what goes
where?. Information & Computer Security.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.