Time Up for Phishing with Effective Anti-Phishing Research Strategies

Sunil Chaudhary (University of Tampere, Tampere, Finland), Eleni Berki (University of Tampere, Tampere, Finland and University of Jyväskylä, Jyväskylä, Finland), Linfeng Li (Beijing Institute of Petrochemical Technology, Beijing, China) and Juri Valtanen (University of Tampere, Tampere, Finland)
DOI: 10.4018/IJHCITP.2015040104

Abstract

Public awareness is a significant factor in the battle against online identity theft (phishing). Advancing public readiness can be a strategic protection mechanism against citizens' vulnerability and for their privacy. Further, an effective research strategy against phishing is the combination of increased social awareness with software quality and social computing. The latter will reduce the number of phishing victims and will improve information systems quality. First, the authors discuss recent research results on software quality criteria used for the design of anti-phishing technologies. Second, it is argued that the dynamics of social surroundings affect citizens' trust and can compromise social security. Third, the authors outline basic research needs and strategic steps to be taken for the timely protection of citizens. Last, the authors propose strategic research directions for improving information systems total quality management through international collaborative research and by focusing on: i) increasing social awareness; ii) predicting information phishing attempts; iii) adopting social computing approaches.
Article Preview

Introduction

Every day thousands of people are convinced to reveal sensitive personal information such as social security IDs and bank account details, home and email addresses, and the list goes on. Deceitful and convincing attempts, known as social engineering techniques, have trustworthy-looking content and occur through various communication means. Online identity theft, commonly known as (online) phishing, is an example of social engineering. A relevant research question here could be formed as follows:

  • Research Question: Would it be beneficial for science and society to i) know and ii) be able to predict the time and frequency of phishing attacks and other social engineering activities that compromise citizens’ privacy and safety?

Advancing social awareness can result in better and more timely protection of citizens’ vulnerability and privacy. It can encourage citizens’ active participation in society and could eventually have a long-term social impact, leading to social transformation (Berki et al., 2014). Additionally, it can prove to be the most cost-effective option in information systems maintenance.

Phishing through the Lenses of Information Security Professionals

In phishing attacks, technical subterfuge techniques (e.g., pharming) are employed to modify hosts files on the victims’ computers, carry out DNS cache poisoning, exploit domain name typos, exploit cross-site scripting vulnerabilities, and organise man-in-the-middle attacks in order to redirect a website’s traffic to another, fake site. Further, techniques such as cross-site request forgery, specialised malware, rogue Wi-Fi (i.e. evil twin), rogue Quick Response (QR) codes, and hacking techniques are also utilised to conduct phishing attacks.
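As an added illustration that is not part of the paper, the following defender-side check targets the hosts-file variant of pharming mentioned above: it flags entries that pin a protected domain, or a typo lookalike of it, to a non-loopback address. The sample hosts content is constructed and the protected-brand list is an assumed input.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file: the first two lines are normal; the last
# two resemble entries a pharming attack plants to redirect a bank's name.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
203.0.113.7 www.examplebank.test examplebank.test   # redirected brand
203.0.113.7 www.exmaplebank.test                    # typo lookalike
"""

PROTECTED = ["examplebank.test", "examplemail.test"]  # assumed watch list


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squatted lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude 'domain.tld' extraction; sufficient for a hosts-file check."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        pairs.extend((ip, n) for n in names)
    return pairs


def suspicious_entries(text: str, protected=PROTECTED, max_dist: int = 2):
    """Entries mapping a protected (or lookalike) domain to a non-loopback
    address: the signature of hosts-file pharming. Malformed IPs are skipped."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue
        except ValueError:
            continue
        dom = registrable(name)
        for brand in protected:
            d = edit_distance(dom, brand)
            if d <= max_dist:
                findings.append((ip, name, "exact" if d == 0 else "lookalike"))
                break
    return findings
```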

Nowadays, however, social engineering is more prevalent in phishing attacks. Social engineering is the psychological manipulation of people in order to make them divulge their confidential information or perform unwitting activities which can be harmful to security and privacy… (See Li, 2013; Berki, 2014). The four phases of a cycle in social engineering are: information gathering, developing a relationship, exploitation, and execution (see Allan et al., 2005). Phishers, spammers, and others (e.g. pharmers) employ more specialised targeted attacks such as spear phishing, clone phishing, and whaling, and invest considerable time preparing for such attacks. They employ social engineering techniques such as masquerading, dumpster diving, leftovers, hoax virus alerts, and others such as chain letters, spam, direct psychological manipulation (Harley, 200), chat-in-the-middle attacks, vishing, and smishing (RSA, 2009), to name just a few attempts that aim at eliciting sensitive information. In fact, social engineering and social engineers no longer have a positive image connected to socio-scientific knowledge; instead they have become associated with dark creativity and deceitful information acquisition and processing. Notwithstanding, deceiving citizens into revealing their own and their friends’ and relatives’ personal credentials is considered unethical and illegal.
