Phishing

1
2
3
4
5
6
7
Typical components of phishing emails
1
Fraudulent but similar domain name for sender
2
Incorrect branding
3
Generic information
4
Spelling errors
5
Sense of urgency
6
Fake link
7
Incorrect name

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information[1] or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim.[2] As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.[3]

The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell, but may have been used earlier in the hacker magazine 2600.[4][5][6] It is a variation of fishing and refers to the use of lures to "fish" for sensitive information.[5][7][8]

Measures to prevent or reduce the impact of phishing attacks include legislation, user education, public awareness, and technical security measures.[9] The importance of phishing awareness has increased in both personal and professional settings, with phishing attacks among businesses rising from 72% in 2017 to 86% in 2020.[10]

  1. ^ Jansson, K.; von Solms, R. (2011-11-09). "Phishing for phishing awareness". Behaviour & Information Technology. 32 (6): 584–593. doi:10.1080/0144929X.2011.632650. ISSN 0144-929X. S2CID 5472217.
  2. ^ Ramzan, Zulfikar (2010). "Phishing attacks and countermeasures". In Stamp, Mark; Stavroulakis, Peter (eds.). Handbook of Information and Communication Security. Springer. ISBN 978-3-642-04117-4.
  3. ^ "Internet Crime Report 2020" (PDF). FBI Internet Crime Complaint Center. U.S. Federal Bureau of Investigation. Retrieved 21 March 2021.
  4. ^ Ollmann, Gunter. "The Phishing Guide: Understanding and Preventing Phishing Attacks". Technical Info. Archived from the original on 2012-06-29. Retrieved 2006-07-10.
  5. ^ a b Wright, A; Aaron, S; Bates, DW (October 2016). "The Big Phish: Cyberattacks Against U.S. Healthcare Systems". Journal of General Internal Medicine. 31 (10): 1115–8. doi:10.1007/s11606-016-3741-z. ISSN 0884-8734. PMC 5023604. PMID 27177913.
  6. ^ Stonebraker, Steve (January 2022). "AOL Underground". aolunderground.com (Podcast). Anchor.fm.
  7. ^ Mitchell, Anthony (July 12, 2005). "A Leet Primer". TechNewsWorld. Archived from the original on April 17, 2019. Retrieved 2021-03-21.
  8. ^ "Phishing". Language Log, September 22, 2004. Archived from the original on 2006-08-30. Retrieved 2021-03-21.
  9. ^ Jøsang, Audun; et al. (2007). "Security Usability Principles for Vulnerability Analysis and Risk Assessment". Proceedings of the Annual Computer Security Applications Conference 2007 (ACSAC'07). Archived from the original on 2021-03-21. Retrieved 2020-11-11.
  10. ^ Lin, Tian; Capecci, Daniel E.; Ellis, Donovan M.; Rocha, Harold A.; Dommaraju, Sandeep; Oliveira, Daniela S.; Ebner, Natalie C. (September 2019). "Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content". ACM Transactions on Computer-Human Interaction. 26 (5): 32. doi:10.1145/3336141. ISSN 1073-0516. PMC 7274040. PMID 32508486.