Report on Phishing Emails: Techniques, Detection, and Analysis

Added on  2023/04/21

AI Summary
This report delves into the realm of phishing emails, a prevalent form of cyberattack targeting individuals and organizations. It begins with an executive summary highlighting the malicious nature of phishing attacks, which involve tricking victims into revealing confidential information through deceptive emails. The report then explores the cyber world and data security, emphasizing the importance of protecting personal and organizational data in the digital age. It provides a background on phishing attacks, explaining how cybercriminals exploit social engineering to steal sensitive data. The core of the report examines various phishing techniques, including email phishing scams, spear phishing, and sentimental abuse, detailing how attackers manipulate users. It also covers detection techniques, such as identifying suspicious email addresses, attachments, and urgent requests. The report recommends combining access management and security solutions, including two-factor protection and filtering tools, to mitigate phishing risks. Finally, it concludes by summarizing the key aspects of phishing attacks, emphasizing their impact on cybersecurity and data security.
Running head: PHISHING EMAILS
Phishing Emails
Name of the Student
Name of the University
Author Note
Executive Summary
Phishing attacks have been one of the most malicious attacks in the cyber world. They often
target unsuspecting individuals and organisations by sending emails that ask them to click on
a link and enter their confidential credentials. Users often fall prey to these attacks
because the attackers know exactly what would make a person click on a link and share their
credentials. There are various ways in which people can be exploited through their
vulnerability in sharing information online without any protection. An email sent to them
can be a phishing attack without the user having any clue about it. This is why the
following report identifies the specific kinds of phishing attack techniques that malicious
attackers use, together with their detection techniques, so that any person going through
this report would understand how to avoid phishing email attacks.
Table of Contents
Introduction
Cyber world and Data Security
Background behind Phishing Attacks
Various phishing techniques used by the attackers
Detection techniques of Phishing
Recommendation
Conclusion
References
Introduction
Phishing is a specific type of attack that is often used in the cyber world, via social
engineering, to extract or steal data and information from users, which may include a
person's login credentials or even their credit card numbers (Gupta et al. 2017). These
attacks do not just extract the data and information of an individual user but can also
extract all confidential information about the user that is available online, including
their transactions and financial data. From the networking perspective, the following
report covers what the cyber world and data security mean, the background behind phishing
attacks, the various phishing techniques that attackers use, and the detection techniques
for phishing attacks.
Cyber world and Data Security
The cyber world is making life easier for people all over the world. It advances with every
passing day, involving the latest technologies and making every task easier than before.
Although there are several benefits of bringing the cyber world into day-to-day life, there
are also several disadvantages, since the cyber world is riddled with security issues.
Anything shared through the cyber world is regarded as data that provides certain
information about an individual. Since the internet has made people share more about their
personal and social life publicly, the cyber world has also led people to carry out their
daily activities through the internet as well (Konradt, Schilling and Werners 2016).
This does not just include sharing information on social media; there are also
techniques by which people conduct transactional activities every day and make several
important decisions by sharing their personal information over the internet. Business and
personal use has made people much more digitally advanced, and improvements in technology
have made people adapt to these quickly. On the other hand, the cyber crime landscape has
also evolved, and attacks and threats have become increasingly intricate. The daily
activities that people conduct through email, such as sending important information to one
another, are also under threat from malicious hackers who are looking for an opportunity to
make people click on a desired link so that they can extract all the confidential data and
information about an individual or an entire organisation through malware attacks. The
internet has made life easier, but at the same time malicious hackers have taken advantage
of it and made the cyber world even more dangerous when it comes to sharing information.
Background behind Phishing Attacks
Phishing is a technique by which cyber criminals extract the intricate data of an
individual user or a business organisation by making use of the facilities provided by the
cyber world. It generally occurs when a malicious attacker masquerades as a trusted entity
and traps a victim, in this case a particular user, by making them open an email, text
message or instant message (Chaudhry and Rittenhouse 2015). This kind of email, text
message or instant message always has a link attached to it that has to be clicked in order
to move forward. These links are mostly malicious redirection links that can lead an
individual into installing malware, resulting in the disclosure of sensitive information or
the freezing of the entire system as part of a ransomware attack.
The result of these kinds of attacks can be extremely devastating and can lead to events
such as unauthorised purchases, identity theft and stealing of funds. For organisations, a
phishing attack is mostly used to gain a foothold in the governmental
network or in the corporate zone as part of a larger attack. There have been reports of
organisations that have sustained this kind of attack and suffered a decline in market
share, consumer trust and organisational reputation.
Various phishing techniques used by the attackers
There are various ways in which malicious attackers send out phishing attacks to users all
over the internet. The scams are not always obvious, so individual users can easily fall
for these phishing techniques if they are not paying close attention (Konradt, Schilling
and Werners 2016). There are various techniques by which attackers use phishing emails to
extract sensitive data about individual users or organisations. The following are some of
the individually identified techniques:
Email Phishing Scams
Suppose a person receives an email. The person might think that it is a normal email from a
bank where he or she has an account, asking to confirm a wire transfer. The email might
contain a link that has the appearance of the bank's website but actually leads to an
identical copy of the original website, spoofed to redirect the person to a page where he
or she has to enter their transactional credentials (Siadati, Jafarikhah and Jakobsson
2016). If a person trusts this link and enters their confidential passwords and user ID,
they might accidentally hand them over to a cyber criminal.
Spear phishing
This kind of phishing attack targets a particular person or organisation, which is a bit
different from targeting random application users. It is a much more in-depth version of
the phishing attack, which requires the malicious attacker to possess special knowledge about the
organisation or the individual, including the structure. The attack can proceed as follows:
the malicious attacker looks up the names of employees inside an organisation, specifically
those in the marketing department, and gains access to the project invoices that the
organisation has accessed recently (Mann 2017). The attacker can then pose as a marketing
director and email the project manager about something related to the thread, using a
duplicate of the organisation's logo and the standard template for sending email. A spoofed
version of the invoice can then be provided to the project manager, further redirecting
them to a password-protected internal document; by logging into this document, the project
manager is made to input their credentials, which should otherwise be kept under wraps. In
this way the attacker can gain full access to the sensitive areas of the organisation's
network.
Sentimental abuse
People tend to fall prey to sentimental appeals, and malicious attackers often use them as
the subject matter of their emails (Aleroud and Zhou 2017). These misleading emails often
ask for donations for somebody suffering from cancer or another terminal ailment; to donate
the money, the recipient has to click on a certain link that is actually a dupe, which
extracts all the credentials that would otherwise be restricted to individual access.
Detection techniques of Phishing
Public email addresses
Mostly, this can be detected by paying closer attention to the sender's email address.
Cyber criminals often use a public email address such as gmail.com (Marforio et al. 2015).
If a specific company or a bank is sending an email, they would most probably use an email
account registered under the company name rather than a public Gmail account.
Suspicious attachments
If an email is received unexpectedly from a source unknown to the individual, asking them
to open an attachment, it is better to treat it as a phishing email (Conteh and Schmick
2016). Such attachments can contain malware that can further harm the computer and capture
the data present in the system, by causing ransomware or malware to be installed in the
system when the link is clicked.
Sense of urgency
When phishing emails are examined closely, it can be seen that they often ask an individual
for personal information such as bank account numbers and passwords (Kim, Go and Lee 2015).
This suspicious activity is further heightened by creating a sense of urgency, with a
message asserting that a certain amount of money would be deducted from the bank account or
that the account would otherwise be harmed.
Unrecognised URLs
The subject line of the received email and the link that the sender asks the recipient to
click should be checked thoroughly (Chaudhry, Chaudhry and Rittenhouse 2016). The link
might seem familiar, but it may be that a popular website has been duped, with the false
link created by misspelling a familiar domain name.
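The four detection checks above (public sender address, unexpected attachment, sense of urgency, misspelt domain in a link) can be applied mechanically to a raw message. The following Python sketch is an added example, not part of the original report; the function names, the keyword and webmail lists (apart from gmail.com), the 0.85 similarity threshold and the sample message are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration; only gmail.com is named in the report.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours")

def base_domain(host):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(domain, trusted):
    # Close to, but not equal to, a trusted domain (e.g. one misspelt character).
    return any(domain != t and SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in trusted)

def phishing_indicators(raw, trusted):
    parts = list(message_from_string(raw).walk())  # parts[0] is the message itself
    sender_domain = parseaddr(parts[0].get("From", ""))[1].rpartition("@")[2].lower()
    bodies = [p.get_payload(decode=True).decode("utf-8", "replace") for p in parts
              if p.get_content_type() == "text/plain" and not p.get_filename()]
    text = "\n".join([parts[0].get("Subject", "")] + bodies)
    hosts = {urlparse(u).hostname or "" for u in re.findall(r'https?://[^\s<>"]+', text)}
    unknown_sender = base_domain(sender_domain) not in trusted
    checks = {
        "public_sender_address": sender_domain in PUBLIC_MAIL_DOMAINS,
        "attachment_from_unknown_sender": unknown_sender and any(p.get_filename() for p in parts),
        "sense_of_urgency": any(w in text.lower() for w in URGENCY_WORDS),
        "lookalike_url": any(is_lookalike(base_domain(h), trusted) for h in hosts),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample message; every name and address in it is made up.
SAMPLE = """\
From: "Example Bank" <examplebank.support@gmail.com>
Subject: URGENT: confirm your wire transfer
Content-Type: multipart/mixed; boundary="b1"

--b1

Your account will be suspended. Log in at http://www.examp1ebank.com/login
--b1
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--b1--
"""
```

Calling `phishing_indicators(SAMPLE, {"examplebank.com"})` returns all four indicator names, while a message sent from the trusted domain with a link to one of its subdomains returns an empty list.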
Recommendation
It is recommended that a combination of access management and a security solution for web
applications be used to counter phishing attacks or attempts at them. Two-factor protection
can be deployed for all the URL addresses an individual tries to visit through a web
application or a website (Marforio et al. 2016). These can include addresses that have URL
parameters, where two-factor protection would be able to provide a solution by readily
detecting a phishing attempt. Organisations are often found to mitigate phishing risk by
using filtering tools that detect standard spam (Chiew, Yong and Tan 2018). This can be
supported with sophisticated technical countermeasures, by installing secure anti-phishing
filters on specific systems to analyse web pages and spear phishing attacks. By doing so,
any suspicious email would be quarantined.
Conclusion
In conclusion, phishing emails have been one of the most common forms of cyber security
attack on unsuspecting organisations and individuals. This kind of attack gets through the
networks of organisations or individuals by asking for their credentials or confidential
data through duplicate links and URLs. The above report specifies the kinds of phishing
attacks currently used by malicious attackers, which form one of the major issues for the
cyber world and data security. The report has described the background behind phishing
attacks, the phishing techniques used by attackers and their detection techniques.
References
Aleroud, A. and Zhou, L., 2017. Phishing environments, techniques, and countermeasures: A
survey. Computers & Security, 68, pp.160-196.
Chaudhry, J.A. and Rittenhouse, R.G., 2015, November. Phishing: classification and
countermeasures. In 2015 7th International Conference on Multimedia, Computer Graphics
and Broadcasting (MulGraB) (pp. 28-31). IEEE.
Chaudhry, J.A., Chaudhry, S.A. and Rittenhouse, R.G., 2016. Phishing attacks and
defenses. International Journal of Security and Its Applications, 10(1), pp.247-256.
Chiew, K.L., Yong, K.S.C. and Tan, C.L., 2018. A survey of phishing attacks: their types,
vectors and technical approaches. Expert Systems with Applications, 106, pp.1-20.
Conteh, N.Y. and Schmick, P.J., 2016. Cybersecurity: risks, vulnerabilities and
countermeasures to prevent social engineering attacks. International Journal of Advanced
Computer Research, 6(23), p.31.
Gupta, B.B., Tewari, A., Jain, A.K. and Agrawal, D.P., 2017. Fighting against phishing
attacks: state of the art and future challenges. Neural Computing and Applications, 28(12),
pp.3629-3654.
Kim, J.H., Go, J.Y. and Lee, K.H., 2015. A Scheme of Social Engineering Attacks and
Countermeasures Using Big Data based Conversion Voice Phishing. Journal of the Korea
Convergence Society, 6(1), pp.85-91.
Konradt, C., Schilling, A. and Werners, B., 2016. Phishing: An economic analysis of
cybercrime perpetrators. Computers & Security, 58, pp.39-46.
Mann, I., 2017. Hacking the human: social engineering techniques and security
countermeasures. Routledge.
Marforio, C., Masti, R.J., Soriente, C., Kostiainen, K. and Capkun, S., 2015. Personalized
security indicators to detect application phishing attacks in mobile platforms. arXiv preprint
arXiv:1502.06824.
Marforio, C., Masti, R.J., Soriente, C., Kostiainen, K. and Capkun, S., 2016, October.
Hardened setup of personalized security indicators to counter phishing attacks in mobile
banking. In Proceedings of the 6th Workshop on Security and Privacy in Smartphones and
Mobile Devices (pp. 83-92). ACM.
Siadati, H., Jafarikhah, S. and Jakobsson, M., 2016. Traditional countermeasures to unwanted
email. In Understanding social engineering based scams (pp. 51-62). Springer, New York,
NY.