Annotated Bibliography
Abbasi, A., Zahedi, F. M., & Chen, Y. (2012, June). Impact of anti-phishing tool performance on attack success rates. In Intelligence and Security Informatics (ISI), 2012 IEEE International Conference on (pp. 12-17). IEEE.
This study conducted an experiment involving more than 400 participants to evaluate the effect of anti-phishing tool accuracy on a user’s ability to avoid phishing attacks. The participants were given either a low or a high accuracy tool and asked to make decisions on several phishing websites. The study found that users of the high accuracy tool performed better than users of the low accuracy tool in terms of avoiding phishing attacks. Further, users of the high accuracy tool ignored
The study mainly focused on visual triggers that help users in identifying deceptive emails. The authors found that visual triggers and deception indications affected the likelihood of a user to respond to a phishing email. The study measured the effects of a user’s knowledge of a scam email on phishing susceptibility and found that users with more knowledge surrounding email scams paid more attention to visual triggers and were less susceptible to phishing emails.
Mohebzada, J. G., El Zarka, A., Bhojani, A. H., & Darwish, A. (2012, March). Phishing in a university community: Two large scale phishing experiments. In Innovations in Information Technology (IIT), 2012 International Conference on (pp. 249-254). IEEE.
This study conducted a large scale phishing experiment in a university with more than 10,000 subjects. The initial phishing attack involved a spoofed email that redirected a user to a website to change their password; both males and females in the experiment were equally deceived. The second part of the attack used a survey to harvest personal information; this found that 61% of the victims were males compared to only 39%
F., & Downs, J. (2010, April). Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 373-382). ACM.
Sheng et al. (2010) conducted a role play survey among over a thousand online respondents to study both the relationship between demographics and susceptibility to phishing and the effectiveness of anti-phishing education. This study analyzed demographics of people who fall prey to phishing attacks. The authors used an online survey and found that women were more likely to fall for phishing scams than men. Further, people aged 18-25 were found to be more likely to be the victim of a phishing attack as compared to the general public.
Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April). Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems (pp. 581-590). ACM.
This study looked at phishing from a cognitive perspective. The study found that lack of knowledge, visual deception and lack of attention contribute to the success of a phishing attack. Further, the study found that individuals tend not to utilize context cues such as the address bar, status bar and security indicators. These individuals were instead frequently influenced by visual presentations of the phishing
New advances in electronic technologies during the past decades have brought a new wealth of criminal activity, such as computer viruses, malware, software privacy, spam, etc. Technologically savvy artists replicate websites, so a person's online activities in a virtual world can be compromised. Many times cyber intrusions rely on human interaction, and they often involve tricking people into breaking security procedures.
Phishing is an attempt to acquire personal information by masquerading as a trustworthy entity through an electronic communication. [Compl. ¶ 28, ECF No. 1.]
Since our sponsor university is located in Massachusetts, where there is no direct single state law on anti-phishing, it is important to understand the legal definition of phishing and the laws applicable if University XYZ faces a phishing attack. In this section, apart from explaining the federal statute and related punishment for a phishing attack, details are given on government agencies that University XYZ can approach for a phishing attack investigation.
Though the privacy and security of data pose a threat to Internet users around the world, user behavior towards this topic does not always reflect the advice given to address the risks associated with a security breach. Mass amounts of one’s most personal medical, financial, and educational records stored online have the possibility of being breached at any moment. If this information is so sensitive and important, why do users seem to ignore some of these risks? As Cormac Herley, Alessandro Acquisti and Jens Grossklags explain in their articles, users do not allocate a proportional amount of time for the possible risks they face when going on the Internet because they prefer convenience to potential long-term security benefits. Though these two articles present similar
Cookies are also used as a technique of social engineering, and it involves installing software on an individual’s PC remotely. The victim is then tricked by messages that constantly pop up in his computer’s window and which inform him he has won a particular prize (Mann, 2012). In order to trick the user, he is directed to click a particular link to claim his prize. If he accepts and does so, his emails and passwords are stolen and used to access his/her personal and confidential
The tendency of internet users to instantly assume website credibility provides even the most unskilled hackers an opportunity to gain unauthorized access to someone’s computer in the world today. Often, malicious or ill-intended websites are designed in such a way that visitors perceive them as trustworthy, but in the background are set up as platforms for phishing or to intentionally antagonize users to get a reaction, also known as internet “trolling”. To the untrained user, the signs of a hoax website are often unclear. However, SomaliCruises.com, a website advertising cruises to Somalia in hopes of being hijacked and fighting Somalian pirates, provides an excellent case study of what a hoax website might look like. Specifically, Somali Cruises uses precise formatting and a friendly tone to make a good initial impression, but reveals its status as a hoax through subtle elements like sketchy advertisements,
Stealing an identity is becoming increasingly easy due to technological advancements, but this crime does still happen using traditional methods. People don’t even think about identity theft until it’s usually too late. With the proper education, most ID theft cases can be prevented, but the methods of how it occurs need to be understood first. Personal information is frequently obtained from social media sites and online purchases. A study done by the University of Missouri-Columbia concluded that almost 30% of college students can’t identify a secure website (Norum & Weagley, 2006, p. 54). For presumably being the most tech savvy generation, that statistic is shockingly high. Not being able to recognize a secure site from an unsecure one increases the risk of having credit card numbers, names, and addresses stolen while making online transactions.
According to KnowBe4.com, 91 percent of successful data breaches begin with a spear-phishing attack (“Did you know,” n.d.). The resources utilized by IT departments at universities are not fully protected from these types of attacks, and there are training resources and companies that offer phishing awareness training. The company conducts a simulated phishing attack, and if an employee clicks on the email, they will be directed to take training. The only issue with this method is that not every employee will learn from the first phishing email test, and some may unintentionally cause harm to the university network or networks.
It is inevitable that organizations can keep each and every client’s account safe and it is up to each individual to do their due diligence to continuously be aware and informed about each account and all the activity associated with it. As technology evolves, many organizations encourage individuals to place more sensitive information online through phone applications and on websites that prompt passwords to save or usernames to be associated with first or last names. The risk of these actions only becomes relevant when it actually occurs to a specific individual due to the encouragement portrayed when reading the precautions on the specific websites. The perceived safety ensures the reader that the sensitive information will remain safe although the past two years portray many instances to prove the statement false. Fortune explains in an article written back in October that, “At the end of January, as many as 11 million Premera Blue Cross customers were affected by a hack. Anthem announced the following month that almost 80 million current and former customers’ personal information had been breached.” The continuous efforts made by fraudsters enable them to stay ahead of technology in ways that enable them to hack websites and obtain the sensitive information clients provide to
The Internet plays critical roles in the fabric of today's society, and people use their computers and mobile devices for business, social contact, recreation, playing games and many other activities. However, everyone faces cyber crime risks when using their computers, and these perils range from phishing to investment fraud. People use their computing devices to work, buy products and services and store vital personal information. Unfortunately, everything that you read and view on the screen isn't always what it appears. Crooks and con artists have always come up with creative ways to steal personal information, trick people out of their money and valuables and promote questionable practices such as pyramid schemes. Digital communications and the Internet have increased access to information for everyone, but easy access empowers criminals who can work in relative anonymity to commit their cyber crimes.
The act of tricking individuals into divulging their sensitive information and using it for malicious purposes is not new. Social engineering attacks have occurred on the internet throughout its existence. Before widespread use of the internet, criminals used the telephone to pose as a trusted agent to acquire information. The term “phishing” has origins in the mid-1990s, when it was used to describe the acquisition of internet service provider (ISP) account information. However, today the term has evolved to encompass a variety of attacks that target personal information.
Email phishing, one scheme of internet scamming, is a problematic issue in society as it causes millions of people to fall victim to identity theft and financial exploit. Acts such as this could not be more apparent at The University of Alabama during its 2013-2014 school term, when an email headlined “New Year Upgrading” surfaced its way into the inboxes of UA students. In his article “University OIT warns of phishing scams” for The Crimson White, author Josh Sigler cautions students of The University of Alabama to be wary of false advertisement and to refrain from providing personal information, if uncertain. Sigler attests why UA students should be as alert as possible of online scams by appointing advice from a specialist, unveiling past
Introduction: I am positive that I am not the only one here who has been subject to scams, information gathering techniques or ads targeted at them via emails or cellphones based on electronically stored information obtained by
Furthermore, fraudsters use social engineering to deceive bank customers and gain access to sensitive online credentials (Schneider, 2013, p. 480). Unfortunately, fraudsters use phishing to hold clients’ customer data through making phone calls or sending emails to determine information on the payment cards. Moreover, the information obtained through phishing enables the fraudsters to obtain access and make withdrawals, thus forging the customers’ identity. For example, backdoor programs, such as Cart32, steal customer data (Schneider, 2013, p. 430). Therefore, phishing not only negatively impacts internet banking but also poses threats to the bank payment system.
The increasing volume and sophistication of cyber security threats including targeted data theft, phishing scams and other online vulnerabilities demand that we remain vigilant about securing our systems and information.