SRA 221
BLUF
Our security team has put together this report to address the various aspects of a very
prevalent type of cyber attack called phishing. Phishing occurs when an attacker poses as a
legitimate institution or persona. The attackers lure individuals into giving away their sensitive
information without the user being aware. This maliciously acquired information is then
used by the attacker to infiltrate a network and/or steal data to benefit themselves. Attackers'
motives may be financial, retaliation, or simply anything that will lead them to their ultimate
goal.
Phishing attacks are most often implemented via email because of its large role in
communication today. The attacks are often made to spread and infect a group of users. The
more users attacked, the greater the likelihood of success. Phishing attacks are generally
stereotyped as being targeted at younger or older individuals. Although these groups of people
are susceptible to phishing because of their lack of security knowledge, large corporations are
also a big target for attackers. Through better security within a network infrastructure, these
Report
companies in order to induce individuals to reveal personal information, such as passwords and
credit card numbers.” It is a serious attempt at gaining information from somebody that can go
widely unnoticed while being deliberately believable. It could be a company-wide email from, say, a CEO,
replicating every aspect of a typical email with one minor letter change. This
change can go unnoticed, and the email's link could lead to a fraudulent website that steals the
person's information or gives somebody access to their machine without their knowledge.
Phishing is a dangerous act of cyber warfare that can be achieved with minimal effort and is
As a company, employees should be trained to look for the signs of a phishing attempt.
Emails from company officials should have specific cues that are hard to replicate or information
only employees within the company could know. The problem lies in employees not seeing the
difference between an official email and a phishing one because they are so easy to replicate. If
the email contained logos and specific information only relevant to company-wide emails,
phishing attempts would be harder to hide and less likely to succeed, as employees would have a better chance of
spotting the inconsistency within. If more care is taken with specific format cues and similar
details that employees are trained to look for, attempts at copying them would be very difficult.
Additionally, as the strongest defense, employees could follow a company rule not allowing the
email to be seen by anyone's eyes but their own, with restrictive guidelines on forwarding and
replying.
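The "one minor letter change" described above does not have to be caught by eye alone. The following is an added example, not part of the original report, of a mail-filter check that flags sender domains imitating a trusted one; the allowlist, the distance threshold and all sample addresses are constructed assumptions.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED and every address used with this code are constructed, not from the report.
import unicodedata

TRUSTED = ("bankofamerica.com", "example-corp.com")  # assumed allowlist

# Digit/symbol look-alikes folded to the letter they imitate.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def sender_domain(address: str) -> str:
    """Return the lowercased domain of 'user@host' or 'Name <user@host>'."""
    addr = address.strip().rsplit("<", 1)[-1].rstrip(">")
    return addr.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def skeleton(domain: str) -> str:
    """Drop accents and non-ASCII letters, fold look-alikes such as 'rn' -> 'm'."""
    ascii_form = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode()
    return ascii_form.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(address: str, max_distance: int = 2):
    """Return (verdict, trusted domain matched or None) for a From address."""
    domain = sender_domain(address)
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return "trusted", good
    for good in TRUSTED:
        # Trusted name embedded in another domain, or a near-miss spelling.
        if good in domain or edit_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return "lookalike", good
    return "unknown", None
```

A "lookalike" verdict is a reason to quarantine the message or add a warning banner. It complements SPF, DKIM and DMARC, which only validate the exact domain the message claims.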
Phishing occurs when someone online pretends to be someone they are not in order to
trick the user into giving the attacker personal or confidential information. Phishing impacts us
because when sensitive information is stolen, the attackers will use that information in their
favor. For example, the most common phishing attacks occur with emails. Let's say you open
your email and there is an alert in your inbox from your supposed bank. Clicking on the link in
the email could bring you to a website that looks like the real one, say “bankofamerica.com”, but it is
slightly different. The different website that looks almost identical will have you enter in your
This impacts us because users need to be aware of phishing and need to be able to stay
away from any potential attacks. When the attacks do occur, sensitive information such as credit
card numbers, social security numbers, health records, and much more can be compromised,
stolen, and shared. This directly relates to confidentiality in the CIA triad. When phishing attacks
opposite end of a phishing attack. The people who should be most worried about this type of
malware are people who use technology the most. The people who use the internet the most also
have the highest number of accounts on the internet, whether it be social media, bank
applications or news subscriptions. The common theme is that most things on the internet use a
person’s email address as an authentication method, which is something attackers using phishing
techniques look for. Email is the number one delivery vehicle for phishing, according to a study
done by Verizon in 2016. This means that people with many accounts are more likely to have
Another user domain that should be informed about phishing is people that work in a
There are multiple things, like financial records or employee personal information, that someone
conducting a phishing attack would be interested in. Oftentimes CEOs are targeted because it is
easier for an attacker to distribute a phishing email through a high-ranking official's email
address. All the attacker needs is for one employee to fall into their trap, so they can gain a
Phishing was first mentioned by name in 1996, in a chatroom hosted by AOHell, a hacker
discussion site. It would have little economic impact, though, until 2001, when phishers targeted the
company E-Gold. While the attack was unsuccessful, it would show the entire world that people
could be tricked into giving out their personal information. In 2003, dozens of phishers acquired
the domains of dozens of sites that, at a glance, looked similar to legitimate sites like eBay and
PayPal. By the next year, phishers realized the untapped gold mine that was others’ personal
Phishing attacks most commonly occur through email, getting a user to click on a link
they believe is reliable, when in truth it is a site set up by the phisher so that the user will give out
their personal information. A study found that the majority of phishing attacks originate from
China and Russia. In 2009, 25% of phishing emails were traced back to the US and China.
Unsurprisingly, the countries with the most cybercrime activity are the ones home to the most
cybercriminal hosts, namely China, the US, France, Brazil, and the U.K. Countries experiencing
economic uptick and strong political incentives have the most reason to take part in these attacks.
Phishing attacks have serious implications in our world today. A successful phishing
attack can steal not only money but also your personal identifying information. In an article on
silicon.co, Hatem Naguib, Senior Vice President at Barracuda, highlights why phishing attacks
don’t get as much attention as they should. Phishing attacks are a social engineering hack that
specifically targets one individual. Naguib believes this is due to the personal
nature of phishing attacks, although they can have company-wide implications. It’s important to
educate company personnel and everyday citizens on the attacks. Phishing attacks often look like
a message, oftentimes an email, from someone you know and communicate with regularly. But
with a trained eye and certain precautions, phishing attacks can be prevented.
Companies and corporations need to be especially wary of phishing attacks. With a more
recently introduced discipline of phishing called spear-phishing, hackers have been known to
target individuals within an organization, use publicly posted information, and exploit them with
of all cyber-espionage incidents. The report also highlighted two shocking statistics: users open
23% of phishing emails sent, and 11% of the attachments in those emails. When one of ten
people clicks on that attachment, hackers have the ability to steal their identity, commit financial
fraud, steal intellectual property, and even commit espionage for political or economic gain,
depending on the target. With all of this data and confidential information at risk, companies and
individuals need to begin being more active in their defense. Companies should take serious
measures to educate their personnel on common phishing tactics, and establish a procedure when
http://resources.infosecinstitute.com/category/enterprise/phishing/the-phishing-landscape/phishing-targets/#gref
Crowe, J. (n.d.). Phishing by the Numbers: Must-Know Phishing Statistics 2016. Retrieved
What is Phishing and how does it affect email users. (n.d.). Retrieved April 8, 2018, from
https://usa.kaspersky.com/resource-center/preemptive-safety/what-is-phishings-impact-n-email
Spear Phishing Attacks Needs To Be Given The Attention They Deserve. (2017, July 06).
https://www.silicon.co.uk/security/spear-phishing-attacks-attention-216687?inf_by=5aceac13671db8f55b8b4d24
Spear Phishing: Real Life Examples. (2017, March 02). Retrieved April 12, 2018, from
http://resources.infosecinstitute.com/spear-phishing-real-life-examples/#gref
History of Phishing. (n.d.). Retrieved April 11, 2018, from phishing website:
http://www.phishing.org/history-of-phishing