464 research outputs found

    Phishing in email and instant messaging

    Abstract. Phishing is a constantly evolving threat in the world of information security that affects everyone, no matter if you’re a retail worker or the head of IT in a large organisation. Because of this, this thesis aims to give the reader a good overview of what phishing is, and due to its prevalence in email and instant messaging, focuses on educating the reader on common signs and techniques used in phishing in the aforementioned forms of communication. The chosen research method is literature review, as it is the ideal choice for presenting an overview of a larger subject. As a result of the research, many common phishing signs and techniques in both email and instant messaging are presented. Some of these signs include strange senders, fake domain names and spelling mistakes. With this thesis, anyone looking to improve their understanding about phishing can do so in a way that is easy to understand. Some suggestions for future research are also presented based on this thesis’ shortcomings, namely the lack of studies on phishing in instant messaging.

    Cybersecurity Guidelines for e-Commerce Service Providers (2019)


    I Don't Need an Expert! Making URL Phishing Features Human Comprehensible


    Security in Data Mining- A Comprehensive Survey

    Data mining techniques, while allowing the individuals to extract hidden knowledge on one hand, introduce a number of privacy threats on the other hand. In this paper, we study some of these issues along with a detailed discussion on the applications of various data mining techniques for providing security. An efficient classification technique, when used properly, would allow a user to differentiate between a phishing website and a normal website, to classify the users as normal users and criminals based on their activities on Social networks (Crime Profiling) and to prevent users from executing malicious codes by labelling them as malicious. The most important application of Data mining is the detection of intrusions, where different Data mining techniques can be applied to effectively detect an intrusion and report in real time so that necessary actions are taken to thwart the attempts of the intruder. Privacy Preservation, Outlier Detection, Anomaly Detection and Phishing Website Classification are discussed in this paper.

    Phishing susceptibility: Differences Across Generations

    My master's thesis is a case study that investigates whether older or younger people are more susceptible to phishing attacks. It was carried out using semi-structured interviews and a phishing "test" in which the participants went through 10 examples of phishing and gave their opinion on whether each was real or phishing.

    Phishing Attacks: A Security Challenge for University Students Studying Remotely

    The emergence of the deadly global respiratory coronavirus disease (COVID-19) in 2019 claimed many lives and altered the way people live and behave as well as how companies operated. Considerable pressure was exerted on Institutions of Higher Learning (universities) to salvage the academic projects through the process of business model reconfiguration. Students were required to study remotely and were, therefore, exposed to phishing and scamming cyber-attacks. The effects of these attacks were examined in this study with the support of literature and empirical research leading to appropriate recommendations being proposed. Data were obtained through semi-structured interviews from students at a selected public-funded university. Atlas.Ti was used for data analysis to identify usable and sensible themes. The study established that students were aware of the factors that exposed them to phishing and scamming attacks but lacked the skills to identify such attacks before becoming victims

    Phishing within e-commerce: reducing the risk, increasing the trust

    E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefited honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation

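    Kuritegevus kui kommunikatsioon: diagnostiliselt kasuliku teabe tuvastamine manipulatsioonirünnete sisust ja kontekstist (Crime-as-Communication: Detecting Diagnostically Useful Information from the Content and Context of Social Engineering Attacks)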

    The electronic version of the dissertation does not include the publications. Under the current circumstances of information overload, social engineering attacks that reach recipients via e-mail, phone calls, text messages and social media have become an increasingly common occurrence. Our exhausted ability to pay attention, the strong emotions created by received messages and the default expectation of truth-telling have combined into a state where falling victim to social engineering attacks is a growing problem with severe financial and psychological consequences for the victims. For the purpose of preventing successful social engineering attacks, the dissertation “Crime-as-Communication: Detecting Diagnostically Useful Information from the Content and Context of Social Engineering Attacks” sought to find out the types of diagnostically useful information available to recipients from the content and context of social engineering attacks. To achieve this aim, the dissertation developed the Crime-as-Communication approach, which follows from the premise that all activities in technology-mediated environments are rooted in and dependent upon communication. Based on the results of qualitative text analysis and qualitative and quantitative content analysis applied to e-mails and descriptions of social engineering attacks reported in international media outlets, the dissertation established multiple informational aspects that help people detect social engineering attacks. Due to the variety of media, such as e-mails and phone calls, used in carrying out social engineering attacks, it is more important to acknowledge the overall significance of an open channel between message senders and recipients. Where an open channel is present, perpetrators use both gain-based appeals and loss-based threats to guide recipients into taking actions that end up harming them. Furthermore, some cybercriminals adapt the content of scam messages to fit the social context - such as the COVID-19 pandemic - salient at the time of circulating the messages. https://www.ester.ee/record=b546643