Phishing - Definition
If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.
- Accounting, Taxation, and Reporting
Law, Transactions, & Risk Management
Government, Legal System, Administrative Law, & Constitutional Law Legal Disputes - Civil & Criminal Law Agency Law HR, Employment, Labor, & Discrimination Business Entities, Corporate Governance & Ownership Business Transactions, Antitrust, & Securities Law Real Estate, Personal, & Intellectual Property Commercial Law: Contract, Payments, Security Interests, & Bankruptcy Consumer Protection Insurance & Risk Management Immigration Law Environmental Protection Law Inheritance, Estates, and Trusts
- Marketing, Advertising, Sales & PR
- Business Management & Operations
- Economics, Finance, & Analytics
- Professionalism & Career Development
Phishing is a tricky and shoddy way of extorting sensitive information from individuals or even corporate organizations. Phishing is a fraudulent means of getting vital information such as credit card numbers, login passwords, and other confidential information through disguise. Fraudsters pose as professionals or cyber security experts to get relevant information from their victims. Phishing is done through hoax or instant messages sent directly to users to lure them into entering their personal information in fake websites that ordinarily look original.
A Little More on What is Phishing
Phishing in any of its form is a cybercrime and there are legislative and technological measures that have been devised to combat this crime. Attackers cloak their identities, share spiteful links, forge addresses and webpages to reach their target audience. Access to users accounts result in identity theft, financial loss and even integrity loss. These cyber criminals do not only use emails or texts, they also use voice phishing (vishing), SMS Phishing (smishing) and several other techniques.The first legal war against phishing was a lawsuit filed against a Californian teenager in 2004. The lawsuit was filed because the teenager imitated a website belonging to America Online. Through the use of counterfeit emails and messages, the teenager extracted sensitive information such as passwords and credit card details from users. There are many attributes of qualities of phishing, the most common features of phishing are;
- They are attractive- Phishers use appealing and captivating statements to lure victims into their traps. These attractive means include prizes claims, extremely low prices or lotteries.
- Imitations that look original- this is another feature that is commonly found in almost all forms of phishing.
- Another attribute of phishing is that they compel victims to act fast, leaving no room for second thoughts.
- Phishing also use hyperlinks that redirect users to clone websites.
- Professionalism in circulation and contents of emails and text messages.
References for Phishing
Academic Research on Phishing
Why phishing works, Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April). In Proceedings of the SIGCHI conference on Human Factors in computing systems (pp. 581-590). ACM. Before phishing can be effectively tackled from its roots, designers need to how it works. This paper presents an analysis of phishing attacks which will provide proof on how the strategies of attackers work on their victims. The empirical analysis was conducted using the ability of 22 participants to differentiate legitimate websites from fraudulent ones, 20 different sites were shown to the participants. The analysis revealed that many participants are fooled by visual deception and they do not take cognisance of factors that indicate the legitimacy of a website. 23% were said to have made wrong choices. This paper therefore show strategies that phishers use to defraud people.Social phishing, Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Communications of the ACM, 50(10), 94-100. This paper is a discussion of social phishing and how it is an effective strategy that attackers use to lure their victims. Social phishing is often done in a friendly manner, in such a way that receivers would believe that the sender has their interest in mind. In this type of phishing, emails are sent to receivers and they are tricked to reveal more than the required information.Do security toolbars actually prevent phishing attacks?, Wu, M., Miller, R. C., & Garfinkel, S. L. (2006, April). In Proceedings of the SIGCHI conference on Human Factors in computing systems (pp. 601-610). ACM.This paper examines the role security toolbars play in safeguarding users from phishing attacks. This paper conducts a study on three security toolbars popularly used by people. This study however finds out that not only are security toolbars ineffective in preventing phishing attacks, browsing security devices are also lacking in detecting these attacks. The study further finds out that if peradventure security toolbars detect a foul play and alerts users, many users failed to look at it. Some users shun the warnings of security toolbars and this explains that some users don't understand phishing attacks work.The state of phishing attacks, Hong, J. (2012). Communications of the ACM, 55(1), 74-81. This paper evaluates and studies the present state on phishing attacks in line with its strategies and potency on individuals and even corporate organizations. The study looks into the systems and strategies that are formerly in use and how phishers take advantage of the systems. A good understanding of the state of phishing is crucial to the development of effective measures to mitigate it.Decision strategies and susceptibility to phishing, Downs, J. S., Holbrook, M. B., & Cranor, L. F. (2006, July). In Proceedings of the second symposium on Usable privacy and security (pp. 79-90). ACM. It is no longer news that phishers coin brilliant strategies to attack people, this paper studies the decision strategies of users and the susceptibility of individuals or corporate organizations to these strategies. This study aims to find out the strategies of phishing, how people fall into these tricks and why they become susceptible to the strategies. An analysis carried out using 20 beginners in computer reveal that decision strategies on the part of the users is linked to their awareness and ability to identify suspecting emails. When people are aware of certain risks, there is a higher chance they will manage the risk well. This study examines the strategies people use in identifying and evade phishing attacks.An empirical analysis of phishing blacklists, Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J., & Zhang, C. (2009, July). In Sixth conference on email and anti-spam (CEAS).This paper presents an empirical study of phishing blacklists and their impacts. It examines how blacklists protect users from phish.An analysis used 191 phish to conduct tests on eight major anti-phishing toolbars. This funding show that as at hour zero, blacklists were unable to catch up to 20% of phish, this reflect to a large extent how ineffective blacklists are in protecting users from phish. The paper discusses why anti-phishing tools need to be improved on and how they can become effective in protecting users. A framework for detection and measurement of phishing attacks, Garera, S., Provos, N., Chew, M., & Rubin, A. D. (2007, November). In Proceedings of the 2007 ACM workshop on Recurring malcode (pp. 1-8). ACM. If phishing will be effectively combated and individuals and organizations be made free of phishing attacks, there is the need to develop a substantial framework. This paper studies the framework that is vital to the detection of phishing and also measure the degree of phishing attacks. This framework will enable statutory bodies to come up with regulations imperative for the protection of users against phishing attacks.Phishing for user security awareness, Dodge Jr, R. C., Carver, C., & Ferguson, A. J. (2007). Computers & Security, 26(1), 73-80. For phishing to be effectively combated, there is a level of security awareness and education that is required. However, it is important to note that security education will only be effective if willing and yielding people are educated. This study examines how frequently statutory bodies conduct security education and awareness in order to equip users with adequate knowledge about phishing and how they can resist its attacks. It also studies the attitudes and responses of users to phishing attacks in form of emails using an unannounced test.Large-Scale Automatic Classification of Phishing Pages., Whittaker, C., Ryner, B., & Nazif, M. (2010, February). In NDSS(Vol. 10, p. 2010).This paper discusses how phishing sites are detected using the automatic classification of pages. Internet users spend a fortune every year accessing counterfeit websites designed by phishers. This paper examine the role of scalable machine learning classified in detecting phishing pages and separating fraudulent websites from original ones. This includes an analysis of URL and contents of a page to detect phishing pages. This paper examines how the classifier achieves this and the validity of the pages screened by a classifier.Anomaly based web phishing page detection, Pan, Y., & Ding, X. (2006, December). In null (pp. 381-392). IEEE.There are many anti-phishing schemes that are designed to wage war against phishing but sadly, with their enormous number, phishing has not been fully mitigated. As new anti-phishing schemes are deviced, attackers also device newer strategies. This paper presents an approach that will study the anomalities in web pages in terms of structure and identity. This is novel approach, independent of any form of phishing and it proves to be a little more effective than some other anti-phishing methods.Detection of phishing webpages based on visual similarity, Wenyin, L., Huang, G., Xiaoyue, L., Min, Z., & Deng, X. (2005, May). In Special interest tracks and posters of the 14th international conference on World Wide Web (pp. 1060-1061). ACM.Phishing webpages are often similar to legitimate web pages but they can still be differentiated. Visual similarity as a proposed strategy that is helpful in the detection of phishing webpages is discussed in this paper. This paper identifies that visual similarity can be a solution for anti-phishing strategies. With visual similarity, owners of legitimate webpages can easily track down counterfeit pages similar to the original. page. Experiment however reveal that visual similarity as an approach that can effectively detect phishing webpages. Phishing email detection based on structural properties, Chandrasekaran, M., Narayanan, K., & Upadhyaya, S. (2006, June). In NYS cyber security conference (Vol. 3). This paper on cyber security and security awareness examines how phishing emails are detected based on structural properties. phishing emails are often constructed like original ones, so many find it difficult to differentiate phishing emails from real ones. in this study, the techniques that individuals or organizations can use in detecting phishing emails bases of structural properties will be discussed.