EDU 03
Technology and
Communication in Education
Legal and Ethical Issues:
Phishing, Software Privacy
Submitted by
Aswani V G
Roll No 29
Physical Science
Introduction
The ubiquitous growth of the Internet, and advances in
communications, networking, data gathering and storage
technologies, have exacerbated the vulnerability of information
systems. The extent, frequency, seriousness, and diversity of external
attacks to computer systems are unprecedented. Meanwhile, internal
attacks and abuse of proprietary information assets account for at
least half of the serious security and privacy incidents worldwide.
On another front, the personal data gathered and stored by
companies is ever more frequently used for profiling and analysis,
often without the knowledge or consent of the individuals or groups
concerned. Mobile computing with location aware capabilities
further exacerbates these concerns. The fast-paced development of
new artificial and augmented intelligence applications challenges
existing legal, regulatory and ethical frameworks. Thus, it is
imperative to better understand the laws, policies, strategies,
technologies, and actions by societies, organizations, groups, and
individuals that address these issues.
Human controls are applicable to computer security: the legal
system and ethics. The legal system has adapted quite well to
computer technology by reusing some old forms of legal protection
(copyrights and patents) and creating laws where no adequate ones
existed (malicious access). Still, the courts are not a perfect form of
protection for computer resources, for two reasons. First, the courts
tend to be reactive instead of proactive. That is, we have to wait for a
transgression to occur and then adjudicate it, rather than try to
prevent it in the first place. Second, fixing a problem through the
courts can be time consuming and expensive; the latter
characteristic prevents all but the wealthy from addressing most
security issues.
Ethics has not had to change, because ethics is more situational
and personal than the law. For example, the privacy of personal
information is becoming an important part of computer security.
Computers have become the primary repository of both personal
information and negotiable assets, such as bank records, securities
records, and other financial information. Other types of databases,
both statistical and otherwise, are assets with considerable value.
These assets can only be viewed, created, and altered by technical
and automated means. Those who can understand and exploit the
technology, plus those who have obtained access permission, have
power related to those assets.
The laws dealing with computer security affect programmers,
designers, users, and maintainers of computing systems and
computerized data banks. These laws protect, but they also regulate
the behaviour of people who use computers. Before recommending
change, however, professionals must understand the current state of
computers and the law. Three motivations for studying the legal
section are to know what protection the law provides for computers
and data, to appreciate laws that protect the rights of others with
respect to computers, programs, and data and to understand existing
laws as a basis for recommending new laws to protect computers,
data, and people.
Discussion
a) Phishing
Phishing is a type of social engineering where an attacker sends a
fraudulent (e.g., spoofed, fake, or otherwise deceptive) message
designed to trick a human victim into revealing sensitive
information to the attacker or to deploy malicious software on the
victim's infrastructure like ransomware (a type of malware that
threatens to publish the victim's personal data or perpetually block
access to it). That is, phishing is a cybercrime in which a target or
targets are contacted by email, telephone or text message by
someone posing as a legitimate institution to lure individuals into
providing sensitive data such as personally identifiable information,
banking and credit card details, and passwords. The recipient is then
tricked into clicking a malicious link, which can lead to the
installation of malware, the freezing of the system as part of
a ransomware attack or the revealing of sensitive information. As of
2020, phishing is by far the most common attack performed by
cybercriminals.
Common Features of Phishing Emails
1) Too Good To Be True: Lucrative offers and eye-catching or
attention-grabbing statements are designed to attract people’s
attention immediately. For instance, many claim that you have won
an iPhone, a lottery, or some other lavish prize. Just don't click on
any suspicious emails. Remember that if it seems too good to be true,
it probably is!
2) Sense of Urgency: A favourite tactic amongst cybercriminals is to
ask you to act fast because the super deals are only for a limited
time. Some of them will even tell you that you have only a few
minutes to respond. When you come across these kinds of emails, it's
best to just ignore them. Sometimes, they will tell you that your
account will be suspended unless you update your personal details
immediately. Most reliable organizations give ample time before
they terminate an account and they never ask patrons to update
personal details over the Internet. When in doubt, visit the source
directly rather than clicking a link in an email.
3) Hyperlinks: A link may not be all it appears to be. Hovering over a
link shows you the actual URL where you will be directed upon
clicking on it. It could be completely different from the text shown,
or it could be the name of a popular website with a misspelling.
4) Attachments: If you see an attachment in an email you weren't
expecting or that doesn't make sense, don't open it! Attachments often
contain payloads like ransomware or other viruses. The only file
type that is always safe to click on is a .txt file.
5) Unusual Sender: Whether it looks like it's from someone you
don't know or someone you do know, if anything seems out of the
ordinary, unexpected, out of character or just suspicious in general,
don't click on it!
Types of Phishing
Email phishing: Most phishing messages are delivered by email, and
are not personalized or targeted to a specific individual or company;
this is termed "bulk" phishing. The content of a bulk phishing
message varies widely depending on the goal of the attacker;
common targets for impersonation include banks and financial
services, email and cloud productivity providers, and streaming
services.
Spear phishing: Spear phishing involves an attacker directly
targeting a specific organization or person with tailored phishing
communications. In contrast to bulk phishing, spear phishing
attackers often gather and use personal information about their
target to increase the probability that the attack succeeds.
Whaling and CEO fraud: Whaling refers to spear phishing attacks
directed specifically at senior executives and other high-profile
targets. CEO fraud involves the crafting of spoofed emails
purportedly from senior executives with the intention of getting
other employees at an organization to perform a specific action,
usually the wiring of money to an offshore account.
Voice phishing: This is the use of telephony (often voice telephony) to
conduct phishing attacks. Attackers will dial a large quantity of
telephone numbers and play automated recordings that make false
claims of fraudulent activity on the victim's bank accounts or credit
cards.
Prevent Phishing Attacks
To protect against spam mail, spam filters can be used. Generally,
the filters assess the origin of the message, the software used to send
the message, and the appearance of the message to determine if it’s
spam. Occasionally, spam filters may even block emails from
legitimate sources, so they aren’t always 100% accurate.
The browser settings should be changed to prevent fraudulent
websites from opening. Browsers keep a list of fake websites and
when you try to access the website, the address is blocked or an alert
message is shown.
Many websites require users to enter login information while the
user image is displayed. This type of system may be open to security
attacks. Ways to improve security include changing passwords on a
regular basis, never using the same password for multiple
accounts, using CAPTCHA, etc.
Banks and financial organizations use monitoring systems to prevent
phishing. Individuals can report phishing to industry groups where
legal actions can be taken against these fraudulent websites.
Changes in browsing habits are required to prevent phishing. If
verification is required, always contact the company personally
before entering any details online.
If there is a link in an email, hover over the URL first. Secure
websites with a valid Secure Sockets Layer (SSL) certificate begin with
“https”.
b) Software Privacy
Privacy software is software built to protect the privacy of its users.
The software typically works in conjunction with Internet usage to
control or limit the amount of information made available to third
parties. The software can apply encryption or filtering of various
kinds. It can mainly refer to two types of protection: The first type is
protecting a user's Internet privacy from the World Wide Web.
There are software products that will mask or hide a user's IP
address from the outside world to protect the user from identity
theft. The second type of protection is hiding or deleting the user's
Internet traces that are left on their PC after they have been surfing
the Internet. There is software that will erase all the user's Internet
traces and there is software that will hide and encrypt a user's traces
so that others using their PC will not know where they have been
surfing.
Types of Software Protection
Whitelisting and blacklisting: Whitelisting is a process in which a
company identifies the software that it will allow and does not try to
recognize malware. It permits acceptable software to run and either
prevents anything else from running or lets new software run in a
quarantined environment until its validity can be verified. Whereas
whitelisting allows nothing to run unless it is on the
whitelist, blacklisting allows everything to run unless it is on the
blacklist. A blacklist then includes certain types of software that are not
allowed to run in the company environment.
Intrusion detection systems: These are designed to detect all types of
malicious network traffic and computer usage that cannot be
detected by a firewall. These systems capture all network traffic
flows and examine the contents of each packet for malicious traffic.
Encryption: This is another form of privacy security. When organizations
do not have a secure channel for sending information, they use
encryption to stop unauthorized eavesdroppers. Encryption is the
process of converting an original message into a form that cannot be
read by anyone except the intended receiver.
Steganography: This is sometimes used to hide messages from
eavesdropping and e-surveillance. It hides the data rather than
converting it, ensuring that messages are kept from being
exposed.
In short, privacy rights ensure we have control over our data. If it's
your data, you should have control over it. Privacy rights dictate that
your data can only be used in ways you agree to and that you can
access any information about yourself. Privacy rights put you in the
driver's seat of your own life.