Social engineering entails a wide range of malicious activities accomplished by human interactions. Phishing is one of the most popular social engineering attacks, which involves phishing scams of text message and email campaigns that create curiosity, a sense of urgency, and fear in victims (Ramzan, 2010). This paper will analyze phishing attacks, their techniques, effects, and ways through which users can prevent the attack.
Phishing happens when an invader impersonates and deceives a user into opening prompt messages, emails, or text messages (Hong, 2012). The recipient is deceived and clicks the malicious link, that results in malware installation, which then reveals the victim’s sensitive data. Phishing attacks rely on legitimate links, benign code, shortened links, and redirects, modified brand logos (Ramzan, 2010). Legitimate links entail incorporating links of legitimate companies into phishing emails. Modified brand logos entails the incorporation of brand logos into the attack emails. Attackers may alter the HTML element of the logo to change the color. They also use shortened URLs, which are used to trick Email Gateways, redirect the users into a phishing landing page, and then redirect them to legitimate web pages after offering credentials.
Phishing attacks have resulted in intellectual property loss, loss of sensitive data, monetary losses, compromising of private and personal information (Hong, 2012). Direct financial loss has been linked to credit card breaches and loss of customer information due to phishing attacks. In businesses, phishing paralyzes operations since assets and data might be damaged or stolen, affecting the accessibility of services.
One of the ways to protect from phishing is keeping the software and operating system up to date. Setting the software up to date automatically can prevent any security threats. Using antispam filters also offers an internet security solution to detect unwanted and unsolicited emails and control messages from getting into the inbox (Chaudhry, Chaudhry, and Rittenhouse, 2016). Considering the source of the email or text message is also essential in preventing phishing attacks. Knowing where the message came from is crucial in evaluating whether the sender is impersonated or hacked.
Chaudhry, J. A., Chaudhry, S. A., & Rittenhouse, R. G. (2016). Phishing attacks and defenses. International Journal of Security and Its Applications, 10(1), 247-256.
Hong, J. (2012). The state of phishing attacks. Communications of the ACM, 55(1), 74-81.
Ramzan, Z. (2010). Phishing attacks and countermeasures. Handbook of information and communication security, 433-448.