Phishing Attacks Proposal
Introduction and Problem Statement
Over the past years, one of the most challenging crimes that
have been a serious threat to the internet security of all
computer users has been identity theft. This is a lucrative crime
whose roots spread across the world and are perpetrated by
different individuals using sophisticated technology. Identity
theft entails the act of stealing as well as utilizing the identity
information of another person to commit crimes such as stealing
money or crucial personal information, or even destroying
confidential data and information (Psannis & Gamagedara,
2017). One of the techniques that have been used to perpetrate
identity theft is a phishing attack. A phishing attack refers to a
type of crime associated with social engineering whose
emergence, occurrence, and advancements are proving to be an
enormous challenge for both key industry players as well as
academic researchers (Lyashenko, 2015).
The main aim of carrying out phishing attacks is to steal crucial
information that is sensitive to users such as online banking
details, usernames, and even passwords. According to
researchers, the number of phishing attacks is becoming a
serious threat, and in other cases, phishing reports indicate that
it is not only the organizations that are becoming victims of the
phishing attacks but the number of attacks is on the rise, and the
level of sophistication is also advancing day in day out (Doupe
& Warner, 2018). Of importance is that the phishing attacks
have evolved in terms of the approaches that are followed in
penetrating computer users and violating their privacy.
Objectives
This research aims at studying the level of sophistication to
which phishing attacks have advanced. In this regard, it seeks to
determine how modern methods of phishing attacks are different
from the traditional ones. Secondly, this research aims to
explain the different current methods of carrying out phishing
attacks. Thirdly, this research study aims at determining how
these sophisticated methods of carrying out phishing attacks can
be controlled.
Literature Review
Different researchers and professionals have explored the issue
of modern phishing attacks and presented their work in the form
of journals and articles of research. One amongst the journals is
“Defending against phishing attacks: Taxonomy of methods,
current issues, and future directions,” authored by Kostas
Psannis, and Nalin Asanka Gamagedara (2017). In their
research, they noted that phishing statistics indicate that there is
a rise in the number of successful attacks that are being carried
out against industries and critical institutions. Psannis and
Gamagedara (2017) present this statistical information in the
form of a pie chart showing the various domains that exist and
how each one of them has been affected. Based on a report
presented in the form of a pie chart by the team, domains that
are worst hit by the crime include retail, the financial service
sector, payment services, multimedia domains, and social media
domains.
Other researchers who have explored the issue are Ike Vayansky
and Sathish Kumar (2018) through their study, “Phishing-
Challenges and Solutions.” Relative to the others, they examine
the issue of modern phishing attacks from an entirely different
perspective. In their case, they evaluate some of the methods
that are being used in contemporary penetration courtesy of
phishing expeditions. Some of the methods that they outline as
having been used in the past include spoofed emails. According
to them, these emails are sent to the victim with a convincing
message to compel them to send their useful information over
the internet or email.
Biju Isaac, Raymond Chiong, and Seibu Mary (2014) are other
researchers who explored the issue of modern phishing attacks.
In their studies, they examined some of the types of recent
phishing attacks. Among them were the creation of a rogue
access point and the image-only attack, which uses alternating
images such as GIFs to confuse the spam filters. Just like
Psannis and Gamagedara (2017), Isaac, Chiong, and Mary
(2014) have also presented some vital statistics on how modern
phishing attacks have wreaked havoc in the industrial world.
Modern Phishing Attacks
This is a section that will contain information regarding some
of the modern methods of carrying out phishing attacks.
Additionally, this section of the research will aim at
distinguishing between social engineering and other forms of
attacks. Below is an outline of how the sections will be
organized.
Social Engineering versus other Computer Attacks
This section will begin by first defining social engineering and
providing details of the examples of social engineering
approaches that exist. One of the elements of social
engineering that will be discussed here is phishing
attacks. Other forms of social engineering will be discussed but
briefly. Among them are baiting, pretexting, tailgating, and
quid pro quo, among others.
Other than the discussion of the various forms of social
engineering approaches, it is essential to maintain the focus of
the paper. Therefore, the paper will focus entirely on the
approaches that are followed in carrying out phishing attacks in
the modern world. One of the approaches to phishing attacks
that will be discussed here is the redirection attack also known
as the misdirection attack. The second attack that will be
discussed in this section will be the pop-up window attacks
which are being used extensively by some of the prominent and
sophisticated attackers.
The third type of attack that will be explored here is the email
with an image-only attack which to a greater extent employs the
aspect of images in emails. The fourth type of attack that will
be discussed in this section will be the email field manipulation
attack, a form of attack that is carried out on the side of the
client as opposed to being carried out from the remote server.
In terms of technical approaches to phishing attacks, different
forms of attacks will be explored. Some of them will include
cross-site scripting, screen and key loggers, DNS poisoning,
malware phishing, and session hijacking. Key and screen loggers
are programs that are installed on the target’s system, where
they enable the attacker to take screenshots as well as record
movements of the mouse while at the same time sending these
resources to the attacker in a different remote location. The
part on DNS poisoning will entail a discussion of how the fake
DNS server is created as well as how the target is convinced to
proceed with the utilization of this DNS server.
For malware phishing, this research will explore how
malware is planted in a computer and used in the storage of the
victim’s credentials as well as transmitting the credentials to
the attacker. For session hijacking, this paper will explore
how a DoS (Denial of Service) attack is carried out and how
identities are stolen during the denial of service attack, which
later facilitates illegal access to resources. Finally, under
cross-site scripting, this study will explore how validation of
input and dynamic contents of a web page are used to carry out
a cross-site scripting attack, which also facilitates phishing
on the victim.
Taxonomy of Defense against Attacks
This section will look at the right solutions to the attacks
discussed in the previous section. Although the
approaches to solutions can be the same, this section will seek
to provide a solution to every approach of phishing attack
discussed in the previous section. The first approach in the
taxonomy will be network-level protection, which will entail
other aspects such as the utilization of anti-spam filters as well
as DNS-based blacklists. The second approach will involve the
use of authentication both on the client side and on the server
side. The third approach in the taxonomy will entail email
classification based on features to minimize the impact of links
embedded in mails which, upon clicking, lead the user to a
different site. The fourth approach in the taxonomy will entail
blacklisting as well as whitelisting for websites that are known
to be sources of phishing expeditions and those that are not.
This is a differentiation approach to minimize the impacts of
phishing activities. The final method or approach will entail the
use of heuristic solutions which operate by rule sets solving both
the learning process as well as problems.
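The following sketch is an added example, not part of the original proposal: it combines three of the approaches above (feature-based email classification of embedded links, blacklisting/whitelisting, and a heuristic rule set) into one check over an HTML email body. The host names, list entries, rule names and sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BLACKLIST = {"login-verify.example.net"}  # constructed entries, not real data
WHITELIST = {"bank.example.com"}
# Constructed sample body: the first link shows one host but points to another.
SAMPLE = ('<p><a href="http://203.0.113.7/login">https://bank.example.com/login</a>'
          ' <a href="https://bank.example.com/help">Help</a></p>')

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def link_rules(href, text):
    """Return the heuristic rules one link triggers (empty set = no finding)."""
    host, hits = host_of(href), set()
    if host in WHITELIST:
        return hits
    if host in BLACKLIST:
        hits.add("blacklisted_host")
    if re.fullmatch(r"\d+(\.\d+){3}", host) or ":" in host:
        hits.add("ip_literal_host")  # destination is a raw IPv4/IPv6 address
    # Visible text that names a host different from the real destination.
    shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    if shown and shown.group(1) != host:
        hits.add("text_href_mismatch")
    return hits

def classify(html_body):
    parser = LinkExtractor()
    parser.feed(html_body)
    flagged = {h: sorted(link_rules(h, t)) for h, t in parser.links if link_rules(h, t)}
    return ("suspicious" if flagged else "clean"), flagged
```

Calling `classify(SAMPLE)` flags only the first link; the whitelisted help link produces no finding.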
Conclusion
This will be the final section of the research document. It will
provide an overview of the findings that the document will
come up with. With all the previous parts addressing unique and
differentiated issues, this section will sum up the problems
addressed while at the same time providing the best way
forward.
References
Doupe, A., & Warner, G. (2018). Inside a phisher's mind:
Understanding the anti-phishing ecosystem through phishing kit
analysis. Conference Paper, 1-10.
Isaac, B., Chiong, R., & Mary, S. (2014). Analysis of phishing
attacks and countermeasures. Information Security Research Lab,
1-6.
Lyashenko, V. (2015). Methodology of the chaos theory in
research of phishing attacks. International Journal of Academic
Research, 12-19.
Psannis, K., & Gamagedara, A. (2017). Defending against
phishing attacks: Taxonomy of methods, current issues, and
future directions. International Journal of Telecommunication
Systems, 2-19.
Vayansky, I., & Kumar, S. (2018). Phishing- Challenges and
solutions. Computer Fraud and Security, 14-20.