StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Business Security: Phishing - Essay Example

Cite this document
Summary
This essay "Business Security: Phishing" seeks to analyze and discuss phishing as an inevitable topic in business security. It, therefore, starts with defining clearly what it is, the techniques employed and the extent of damage it has inflicted…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.6% of users find it useful
Business Security: Phishing
Read Text Preview

Extract of sample "Business Security: Phishing"

Topic: Business Security: Phishing Introduction: This paper seeks to analyze and discuss phishing as an inevitable topic in business security. It therefore starts with defining clearly what it is, the techniques employed and the extent of damage it has inflicted. It continues by detailing what the stakeholders have done and what they plan to do with all the concerns on the reality of phishing. It ended with a practical advice on a personal note how an internet user protects itself from the dangers of failing to respond to the challenge. 2. Analysis and Discussion 2.1 Definition, techniques, proofs Wikipedia (2006) described phishing attempt as a disguised as an official email from a (fictional) bank, as attempts to trick the banks members into giving away their account information by "confirming" it at the phishers linked website. Phishing is bad and its one of the great enemies of the IT industry and its related industries, which particularly includes the e-commerce, electronic banking and other electronic finance related services. Wikipedia (2006) considers phishing as a form of criminal activity using social engineering techniques. It explains that phishers attempt fraudulently to acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Further, it states that phishing is typically carried out using email or an instant message. Given therefore the objective of phishers, one would not be surprised to here electronic fund theft or fraud as a result of phishing and the most likely victims are customers with banks accounts, credit card accounts a e-currency and other related accounts. As to what techniques are employed, Wikipedia (2006) said: Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL, http://www.yourbank.com.example.com/. One method of spoofing links used web addresses containing the @ symbol, which were used to include a username and password in a web URL (contrary to the standard Berners-Lee, Tim. (n.d.). For example, the link http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that the link will open a page on www.google.com, whereas the link actually directs the browser to a page on members.tripod.com, using a username of www.google.com; were there no such user, the page would open normally. This method has since been closed off in the Mozilla (Fisher, Darin. n.d.) and Internet Explorer (Microsoft, 2006) web browsers, while Opera provides a warning message and the option not to follow the link. One could now see the sophistication as to how phishing is conducted. In fact, what was mentioned above is not yet enough when Wikipedia (2006) further added techniques, saying, “ Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of the legitimate entitys URL over the address bar, or by closing the original address bar and opening a new one containing the legitimate URL (BBC News (2004).” Further, Wikipedia (2006) said: “In another popular method of phishing, an attacker uses a bank or services own scripts against the victim (Evgeniy Gabrilovich and Alex Gontmakher (February 2002). These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or services own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal (Krebs, Brian. Flaws in Financial Sites Aid Scammers , 2006) ” What are the reported cases of phishing then and what is the extent of the damage? Wikipedia (2006) cited: “On January 26, 2004, the FTC (Federal Trade Commission) filed the first lawsuit against a suspected phisher. The defendant, a Californian teenager, allegedly created and used a webpage designed to look like the America Online website, so that he could steal credit card numbers (Leyden, John 2006). Other countries have followed the lead of the U.S. by tracing and arresting phishers. A phishing kingpin, Valid Paulo de Almeida, was arrested in Brazil for leading one of the largest phishing crime rings, which in 2 years stole between $18 and $37 million USD (Leyden, John,2006). UK authorities jailed two men in June 2005 for their role in a phishing fraud (Roberts, Paul, n.d.), in a case connected to the USSS Operation Firewall, which targeted notorious "carder" websites (Nineteen Individuals Indicted in Internet Carding Conspiracy, 2004). In 2006 eight people were arrested by Japanese police on suspicion of phishing fraud by creating bogus Yahoo Japan Web sites, netting themselves 100 million yen ($870 thousand USD) (The Daily Yomiuri (n.d.).” 2.2 What actions or solutions have been done and things are being done by different stakeholders? The extent of damage done and the possibility of greater damage point the need for actions and decisions. In this regard, Wikipedia (2006), citing (Information Week, 2006) reported that in the United States, Democratic Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 on March 1, 2005. It also said that the federal anti-phishing bill proposes that criminals who create fake web sites and spam bogus emails in order to defraud consumers could receive a fine up to $250,000 and receive jail terms of up to five years. Moreover, Wikipedia (2006), citing (Microsoft Australia (2006), said that Microsoft has also joined the effort to crack down on phishing. On March 31, 2005, Microsoft filed 117 federal lawsuits in the U.S. District Court for the Western District of Washington. It said that the lawsuits accuse "John Doe" defendants of using various methods to obtain passwords and confidential information. March 2005 also saw Microsoft collaborates with the Australian government to teach law enforcement officials how to combat various cyber crimes, including phishing. In addition it said that Microsoft announced a planned further 100 lawsuits outside the U.S. in March 2006, citing (Espiner, Tom (2006). 3. On a personal level what could be done to avoid becoming the next victim? While actions are being done by governments and the firms industry, the consumer or user, who would be the victims of phishing could do many thing like what Thompson (2005) gave in following protection tips. As a rule, never e-mail personal or financial information. Never respond to requests for personal information in e-mails. Banks, the IRS and legitimate businesses never ask for such information through e-mail. If you are tempted to respond, call the company instead. If you initiate a transaction that calls for personal or financial information, confirm that the Web site is secure by checking for a lock icon on the browsers status bar or a URL that begins https (the s stands for secure) instead of http. Be aware that phishers are able to forge a security icon only when they initiate an e-mail, which is why you never should reveal information in response to a received e-mail. Check credit card and bank statements as soon as you receive them for any unauthorized charges. If your statement is late by more than a couple of days, call the company or bank to confirm your billing address and account balances. Use antivirus software and keep it current. Use a firewall if you have a broadband connection. Report suspected abuses to the antiphishing network authorities at reportphishing@antiphishing.org and to the company thats being spoofed. If you suspect your personal information has been compromised or stolen, be sure to promptly contact the Federal Trade Commission and the identity theft Web site at www.consumer.gov/idtheft. 3. Conclusion and Recommendation: Business entities exist with resources. Precisely they exist to manage resources of resource owners the stockholders and other stakeholders. Such management by companies also requires them to protect their resources and further demands increase in resources. Resources, specially the financial ones need to be protected from theft , fraud or even crimes. The speed by which business has allowed technology to hasten the process of business, has also produce an equally amount of speed in ease in losing business financial resources because of these theft, fraud and crimes. Phishing is one of the most popular and appear the latest crime of the this century. The stakeholders , particularly the users that includes , individuals, government and boringness must know the techniques and schemes through the use technologies used by phishers in effecting their evil purposes. I recommend that the strongest anti-dote is the cooperation among all the stakeholders through massive education of the users and governments strict and sure enforcement of anti-phishing laws it has made and made and will able to make. The fight for phishing is global fight. It transcends boundaries. The act of cooperation among nations could unify humanity that there is such a thing internet security. There is such thing as justice, and people who commit crimes be put to the bar of justice for stealing others money. In a deeper sense, the world of business is not only governed by profits and technologies, hence , the best anti-dote to crime like fishing is a foundation on morality where people are aware of the moral consequences of wrongful act be they appear via cyberspace or not. Bibliography 1. BBC News (2004) , "Phishing cacks broon hijwser bar", {www document} URL http://news.bbc.co.uk/2/hi/technology/3608943.stm , re-accessed July 25,2006 2. Berners-Lee, Tim. (n.d.) Uniform Resource Locators (URL), IETF Network Working Group. http://www.w3.org/Addressing/rfc1738.txt, Retrieved on January 28, 2006. Re-accessed July 25, 2006. 3. Evgeniy Gabrilovich and Alex Gontmakher (February 2002). "The Homograph Attack". Communications of the ACM 45(2): 128. , {www document} URL http://www.cs.technion.ac.il/%7Egabr/papers/homograph_full.pdf, re-accessed July 25,2006 4. Fisher, Darin. (n.d.), Warn when HTTP URL auth information is not necessary or when it is provided. Bugzilla, Retrieved on August 28, 2005, {www document} URL https://bugzilla.mozilla.org/show_bug.cgi?id=232567, re-accessed July 25,2006 5. Krebs, Brian. Flaws in Financial Sites Aid Scammers (2006) , Security Fix. Retrieved on June 28, 2006, {www document} URL http://blog.washingtonpost.com/securityfix/2006/06/flaws_in_financial_sites_aid_s.html, re-accessed July 25,2006 6. Legon, Jeordan (2005) , "Phishing scams reel in your identity", CNN, January 26, 2004., { www document } URL http://www.cnn.com/2003/TECH/internet/07/21/phishing.scam/index.html, re-accessed, July 25,2006 7. Leyden, John (2006), "Brazilian cops net phishing kingpin", The Register, March 21, 2005, { www document } URL http://www.cnn.com/2003/TECH/internet/07/21/phishing.scam/index.html 8. Microsoft (2006) . A security update is available that modifies the default behaviour of Internet Explorer for handling user information in HTTP and in HTTPS URLs. Microsoft Knowledgebase. Retrieved on August 28, 2005., {www document} URL http://support.microsoft.com/kb/834489, re-accessed July 25,2006 9. Nineteen Individuals Indicted in Internet Carding Conspiracy. (2004) Retrieved on November 20, 2005, { www document } URL http://www.cybercrime.gov/mantovaniIndict.htm 10. Roberts, Paul (n.d.), "UK Phishers Caught, Packed Away", eWEEK, June 27, 2005, { www document } URL http://www.eweek.com/article2/0%2C1895%2C1831960%2C00.asp 11. The Daily Yomiuri (n.d.) , "8 held over suspected phishing fraud", May 31, 2006., { www document } URL http://www.yomiuri.co.jp/dy/national/20060531TDY02012.htm 12. Thompson, S. (2005), Phight Phraud: Steps to Protect against Phishing AICPA RESOURCES, Technology Conference, Hilton, Austin, Texas Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Business Security: Phishing Essay Example | Topics and Well Written Essays - 1500 words”, n.d.)
Business Security: Phishing Essay Example | Topics and Well Written Essays - 1500 words. Retrieved from https://studentshare.org/miscellaneous/1537307-business-security-phishing
(Business Security: Phishing Essay Example | Topics and Well Written Essays - 1500 Words)
Business Security: Phishing Essay Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/miscellaneous/1537307-business-security-phishing.
“Business Security: Phishing Essay Example | Topics and Well Written Essays - 1500 Words”, n.d. https://studentshare.org/miscellaneous/1537307-business-security-phishing.
  • Cited: 0 times

CHECK THESE SAMPLES OF Business Security: Phishing

Phishing Computer Crimes

phishing COMPUTER CRIMES phishing Computer Crimes Author Author's Affiliation Date With the passage of time, huge developments have been done in the field of computer science.... There are many other kinds of a computer crime however this paper mainly focuses on phishing.... The Internet's user-friendliness and convenience have fashioned modern ways for computer crime, well-known forms of which is phishing.... Moreover, phishing is an emerging problem regarding online data security and information safety....
4 Pages (1000 words) Research Paper

Information technology ethics

There are many other kinds of a crime which are performed using a computer however most of the computer crimes are covered under the term ‘phishing'.... The Internet's user-friendliness and convenience have fashioned modern ways for computer crime, well-known forms of which is phishing.... Moreover, phishing is an emerging problem regarding online data security and information safety.... There are a number of cases of identity theft and online frauds using phishing and other hacking techniques....
3 Pages (750 words) Essay

Technology Evaluation and Recommendation

The organization also faces many security threats during the process of information collection because of the fraudulent practices like phishing, vishing, and smishing.... Technology Evaluation and Recommendation (Name) (University) (Date) Technology Evaluation and Recommendation security Threats The peer-to-peer (P2P) file sharing application allows users to share video, music, games, and documents and facilitate online telephone conversations.... Technology Evaluation and Recommendation Technology Evaluation and Recommendation security Threats The peer-to-peer (P2P) file sharing application allows users to share video, music, games, and documents and facilitate online telephone conversations....
3 Pages (750 words) Essay

Threats and Methods to Secure a VoIP Network

ike with any new technology, in the early days of VOIP, there were no serious concerns about security related to its use.... As VOIP is gaining wide acceptance and becoming one of the mainstream communication technologies, security has become a major issue.... Network Administrators are finding themselves in a tough position of providing their clienteles with the security and reliability that they have grown accustomed to over these years.... he threats to security and privacy could be in the form of DOS (denial of service), malformed messages, sniffing, spoofing, vishing, VOIP spam and SPIT (spam over VOIP)....
17 Pages (4250 words) Essay

Mobile Computing

With regards to cloning, phishing, Smishing and Vishing, hackers have an unhindered access to the accounts of their victims.... Financial institutions have a hard time affecting the necessary security measures that could help curb the hackers from accessing the victims' accounts.... With regards to… These mechanisms create a number of security threats for the victims and the financial institutions. ... isks include compromising the victims' data availability, Mobile Banking Question Mobile banking, being a novel technique of money transaction, comes with new and advanced security risks....
1 Pages (250 words) Research Paper

Mobile Banking and Crowdsourcing and Networking

phishing, smishing, vishing, cloning, and lost or stolen smartphone are the major security risks to mobile banking industry.... As Todorova points out, latest versions of phishing scams can be more dangeroust; and he widespread popularity of mobile banking applications increases… the risk of downloading and installing malicious applications that could access the user's bank account information including passwords stored on the mobile device.... In SMS phishing or smishing, hackers try to steal user's bank account details through direct communication Mobile Banking, Crowdsourcing and Networking Mobile Banking, Crowdsourcing and Networking Assignment I A....
2 Pages (500 words) Research Paper

Phishing, Pharming, and Vishing: Computer Security

This work "phishing, Pharming, and Vishing: Computer Security" focuses on a detailed analysis of the main security concerns and problems faced during online working.... The author outlines computer security related issues, phishing, pharming, and vishing.... The Internet's user-friendliness and convenience have fashioned modern ways for computer crime, well-known forms of which are phishing, pharming, and vishing (Laudon & Laudon 1999, p....
9 Pages (2250 words) Coursework

History of Phishing and Development

This paper “History of phishing and Development” will present a detailed analysis of using phishing for/in website verification.... This research is aimed at discussing and elaborating the phishing technique, its main implementation areas, disadvantages and its utilization for the website verification.... hellip; The author states that phishing is an emerging problem regarding online data security and information safety....
20 Pages (5000 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us