London Calling: Two-Factor Authentication Phishing from Iran

The Current State of Phishing Attacks against Saudi Arabia University Students

Research into phishing and social engineering is a very interesting area, since a significant number of attacks are conducted with the help of social engineering and phishing as the main vector to either obtain credentials or trick the user into executing a malware-infected file. The goal of our research was to examine the students' familiarity with threats in the form of phishing attacks conducted via the Internet. A questionnaire was conducted to determine the students' ability to recognize phishing attacks and whether they know how to protect themselves. The motivation behind this research is to explore the Saudi student population's self-assessment in regard to phishing attacks and to assess their capability on a limited data set for the purpose of obtaining a baseline for future research.

Combatting Phishing: A Holistic Human Approach

Combatting Phishing: A Holistic Human Approach, 2014

Phishing continues to remain a lucrative market for cyber criminals, mostly because of the vulnerable human element. Through emails and spoofed websites, phishers exploit almost any opportunity using major events, considerable financial awards, fake warnings and the trusted reputation of established organizations, as a basis to gain their victims' trust. For many years, humans have often been referred to as the 'weakest link' towards protecting information. To gain their victims' trust, phishers continue to use sophisticated-looking emails and spoofed websites to trick them, and rely on their victims' lack of knowledge, lax security behavior and organizations' inadequate security measures towards protecting themselves and their clients. As such, phishing security controls and vulnerabilities can arguably be classified into three main elements, namely human factors (H), organizational aspects (O) and technological controls (T). All three of these elements have the common feature of human involvement and as such, security gaps are inevitable. Each element also functions as both security control and security vulnerability. A holistic framework towards combatting phishing is required whereby the human feature in all three of these elements is enhanced by means of a security education, training and awareness programme. This paper discusses the educational factors required to form part of a holistic framework, addressing the HOT elements as well as the relationships between these elements towards combatting phishing. The development of this framework uses the principles of design science to ensure that it is developed with rigor. Furthermore, this paper reports on the verification of the framework. A cyber security study conducted by Deloitte revealed that chief information security officers (CISOs) are of the opinion that phishing and pharming currently pose the main cyber security threat to their respective organizations [1].
Phishing is a concern, for both organizations and consumers, because of phishers' ability to skilfully mimic legitimate organizations in the technical design of their emails and websites. Phishing costs organizations and their clients billions of dollars in lost revenue every year. The traditional approach of phishers targeting solely financial institutions in emails has transformed. Phishers take advantage of popular events and adapt to certain leading trends, thereby making it more confusing for consumers to distinguish legitimate emails from phishing. For example, phishers used a popular game known as 'Warlords of Draenor' to scam gamers into believing that they won a free copy of the game [2]. Instead, the phishers stole their login credentials. Furthermore, phishers are increasingly using social networks and phone text messages to reach a larger audience. Recently, phishers spoofed a Facebook webpage with the poster of Arvind Kejriwal, the Indian leader of the Aam Aadmi Party, in order to acquire Indian Facebook users' login credentials [3]. Phishing attacks are increasing at a rapid rate. South Africa is the second most targeted country globally, with costs amounting to approximately $320 million in 2013 only, and accounts for 5% of the total volume of all global phishing attacks [4]. A study conducted by the Anti-Phishing Work Group (APWG) revealed that there were at least 115,565 unique phishing attacks worldwide, nearly a 60% increase over the first half of 2013, setting record levels [5]. A large proportion of the phishing attacks were directed at China. Nearly one-third of all attacks, 32.9%, were directed at banks and another 17.5% targeted money-transfer services. PayPal was the most-targeted institution with 24,580 attacks [5]. Half of the targets were attacked at least three times during the six-month period. Another concern is that amateur phishers can use 'phishing kits' (easily found online) which contain templates for popular targets.
Furthermore, organizations can be breached for many years unsuspectingly. The longest period an attacker was present before being detected in 2013 was six years and three months [6]. With the widespread use of smartphones and tablet devices at home and in the workplace, users could unsuspectingly compromise both personal and organizational information stored on these devices.

IJERT-A Survey on various Phishing and Anti-Phishing Measures

International Journal of Engineering Research and Technology (IJERT), 2015

https://www.ijert.org/a-survey-on-various-phishing-and-anti-phishing-measures
https://www.ijert.org/research/a-survey-on-various-phishing-and-anti-phishing-measures-IJERTV4IS010143.pdf

Phishing, a semantic attack which targets the user rather than the computer, is turning into a breeding ground for widespread fraud over the internet, and is therefore one of the main challenges to internet security. Phishing is a way in which perpetrators adopt social engineering schemes by sending e-mails, instant messages or online advertising to lure users to phishing websites that mimic trustworthy websites, in order to trick individuals into revealing sensitive information, such as financial account details or passwords, which can then be exploited for a specific reason. To protect users against phishing attacks, various anti-phishing strategies have been implemented. This paper presents the various phishing attacks followed by a review of various anti-phishing techniques.

Exploring Historical and Emerging Phishing Techniques and Mitigating the Associated Security Risks

Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risks.