An Analysis of Phishing Attacks: Information Technology Security: Cybercrime and Its Solutions
Keywords:
Phishing Cybersecurity, Multi factor Authentication, Email Filtering, Spear-phishing, AI-driven Attacks, Behavioral Biometrics, Zero Trust, Microsoft, Email Authentication, Machine Learning, Block chain Crime, Threat Intelligence, User Education, Phishing-as-a-Service, CyberAbstract
Phishing is one of the most primary and persistent threats when it comes to cybersecurity, and is grounded on deception tropes which try to pry information from individuals or organizations or get unauthorized access to their systems. Phishing, which is discussed in this review, circles around every trick the criminals employ, the collection of intelligence by the attackers and the countermeasures which may be applied to contain the attacks. There are different types of phishing such as spear-phishing, phishing have become popular so have AI-based attacks which shows that one method is not sufficient anymore. The organizations hence need to implement several layers of defense like; Information user awareness, two-factor or mult-factor technique, superior email filtering technique and rigid enforcement of the email verification procedures like SPF, DKIM and DMARC. New chances will be expected from the methods like Machine Learning, Behavioural Biometrics, and Block Chain for efficient detection and control of the phishing. Zero Trust security model, which only periodically validates each access request to reduce the vulnerability of successful cyber-attacks has notes on how to use it. Likewise, there is more sharing of intelligence and working across industry in real time very central in tackling phishing threats. At present, there is a heightened appreciation of better user security, the dangers that require anticipative measures, continuous monitoring, and popularity of use. This paper emphasizes that combat against phishing requires a systematic and timely approach that incorporates technology and user awareness as well as organizational backing. As with the assistance of following what has been described here as best practices and solutions, one and everyone and every company may decrease the probability of being spoofed and the consequences of such spoofing.
References
Jangjou M, Sohrabi MK. A comprehensive survey on security challenges in different network layers in cloud computing. Arch Comput Methods Eng. 2022; 29(6): 3587–3608.
Alam A. Cloud-Based E-learning: Scaffolding the Environment for Adaptive E-learning Ecosystem Based on Cloud Computing Infrastructure. In Computer Communication, Networking and IoT: Proceedings of 5th ICICC 2021. 2022; 2: 1–9. Singapore: Springer Nature Singapore.
Seifert M, Kuehnel S, Sackmann S. Hybrid Clouds Arising from Software as a Service Adoption: Challenges, Solutions, and Future Research Directions. ACM Comput Surv. 2023; 55(11): 1–35.
Nadeem F. Evaluating asnd Ranking Cloud IaaS, PaaS and SaaS Models Based on Functional and Non-Functional Key Performance Indicators. IEEE Access. 2022; 10: 63245–63257.
Parast FK, Sindhav C, Nikam S, Yekta HI, Kent KB, Hakak S. Cloud computing security: A survey of service-based models. Comput Secur. 2022; 114: 102580. International Journal of Wireless Security and Networks Volume 1, Issue 2 © STM Journals 2023. All Rights Reserved 25
Nadeem M, Arshad A, Riaz S, Wajiha Zahra S, Band S, Mosavi A. Two layer symmetric cryptography algorithm for protecting data from attacks. Comput Mater Contin. 2022; 74(2): 2625–2640.
Mohammed CM, Zeebaree SR. Sufficient comparison among cloud computing services: IaaS, PaaS, and SaaS: A review. Int J Sci Bus. 2021; 5(2): 17–30.
Ali M, Jung LT, Sodhro AH, Laghari AA, Belhaouari SB, Gillani Z. A Confidentiality-based data Classification-as-a-Service (C2aaS) for cloud security. Alex Eng J. 2023; 64(2): 749–760. 12. Butt UA, Amin R, Mehmood M, Aldabbas H, Alharbi MT, Albaqami N. Cloud Security Threats and Solutions: A Survey. Wirel Pers Commun. 2023; 128(1): 387–413.
Aoudni Y, Donald C, Farouk A, Sahay KB, Babu DV, Tripathi V, Dhabliya D. Cloud security based attack detection using transductive learning integrated with Hidden Markov Model. Pattern Recognit Lett. 2022; 157: 16–26
Nadeem M, Arshad A, Riaz S, Zahra SW, Dutta AK, Al Moteri M, Almotairi S. An Efficient Technique to Prevent Data Misuse with Matrix Cipher Encryption Algorithms. Comput Mater Contin. 2022; 74(2): 4059–4079.
Upadhyay D, Zaman M, Joshi R, Sampalli S. An efficient key management and multi-layered security framework for SCADA systems. IEEE Trans Netw Service Manag. 2021; 19(1): 642–660.
Zahra SW, Arshad A, Nadeem M, Riaz S, Dutta AK, Alzaid Z, Almotairi S, et al. Development of Security Rules and Mechanisms to Protect Data from Assaults. Appl Sci. 2022; 12(24): 12578.
Al-Shabi MA. A survey on symmetric and asymmetric cryptography algorithms in information security. Int J Sci Res Publ (IJSRP). 2019; 9(3): 576–589.
Musa A, Mahmood A. Client-side cryptography based security for cloud computing system. In 2021 Int Conf on Artificial Intelligence and Smart Systems (ICAIS), Coimbatore, India. 2021; 594–600.
Hossain ME. Enhancing the security of caesar cipher algorithm by designing a hybrid cryptography system. Int J Comput Appl. 2021; 183(21): 55–57.
Akanksha D, Samreen R, Niharika GS, Shruthi A, Kiran MJ, Venkatramulu S. A hybrid cryptosystem based on modified vigenere cipher and polybius cipher. EPRA Int J Res Dev. 2022; 7(6): 113–119.
Sun H, Grishman R. Lexicalized dependency paths based supervised learning for relation extraction. Comput Syst Sci Eng. 2022; 43(3): 861–870.
Nadeem Muhammad, Arshad Ali, Riaz Saman, Zahra Syeda, Dutta Ashit, Alzaid Zaid, Alabdan Rana, Almutairi Badr, Alaybani Sultan. Hill Matrix and Radix-64 Bit Algorithm to Preserve Data Confidentiality. Comput Mater Contin. 2023; 75(2): 3065–3089. 10.32604/cmc.2023.035695
Kaspersky. Tips on how to protect yourself against cybercrime [Online]. Available from https://www.kaspersky.com/resource-center/threats/what-is-cybercrime
Exploring and analyzing Internet crimes and their behaviours. Perspectives in Science. 2016;8:540-542. Brief Study of Cybercrime on an InternetDhavalChudasama All Rights Reserved 6
Norton. 11 ways to help protect yourself against cybercrime [Online]. Available from https://us.norton.com/internetsecurity-how-to-how-to-recognize-and-protect-yourself-fromcybercrime.html
Kaspersky. Tips on how to protect yourself against cybercrime [Online]. Available from https:// www.kaspersky.com/resource-center/threats/what-is-cybercrime
HemrajSaini, Yerra Shankar Rao, et al. Cyber-Crimes and their Impacts: A Review. International Journal of Engineering Research and Applications (IJERA). 2012;2(2):202-209.
Helpline Law Legal Solutions Worldwide. Cyber Crimes in India-What is, Types, Web Hijacking, Cyber Stalking [Online]. Available from https://www.helplinelaw.com/employment-criminal-andlabour/CCII/cyber-crimes-in-india-what-is-types-web-hijacking-cyber-stalking.html
V.Karamchand Gandhi. An Overview Study on Cybercrimes in Internet. Journal of Information Engineering and Applications. 2012;2(1):1-6
DM Chudasama, LK Sharma, et al. A Comparative Study of Information Systems Auditing in Indian Context. Information Systems Audits for eCommerce. 2019;7(4):020-028.
DM Chudasama, L.K. Sharma, et al. Refine Framework of Information Systems Audits in Indian Context. International Journal of Computer Sciences and Engineering. 2019;7(5):331-345.
DM Chudasama, Kathan Patel, et al. Awareness of Data Privacy Breach in Society. International Journal of All Research Education and Scientific Methods (IJARESM). 2020; 8(10):303-307.
DM Chudasama, Darsh Patel, et al. Research on Cybercrime and its Policing. American Journal of Computer Science and Engineering Survey. 2020; 8(10):14.
Soham Shah, MA Lokhandwala, et al.Decoding Farm Laws. International Journal of Scientific Research and Engineering Development. 2021; 4(2):590-595.
Hong J (2012) the state of phishing attacks. Communications of the ACM 55: 74–81. 2. Singer PW, Friedman A (2014) Cybersecurity: What Everyone Needs to Know. 1st Eds, Oxford University Press.
Krombholz K, Hobel H, Huber M, et al. (2015) Advanced social engineering attacks. J Inf Secur Appl 22: 113–122.
Ducklin P (2020) Phishingové triky aneb 10 nejběžnějších podvodů roku 2020 (Phishing tricks or the 10 most common scams of 2020). IT’S SYSTEMS. Available from: https://www.systemonline.cz/it-security/phishingove-triky.htm
Becton L (2020) The Importance of Digital Literacy in K-12, Available from: https://www.educationcorner.com/importance-digital-literacy-k-12.html
Parsons K, Butavicius M, Delfabbro P, et al. (2019) Predicting susceptibility to social influence in phishing emails. Int J Hum-Comput St 128: 17‒26
Lin T, Capecci DE, Ellis DM, et al. (2019) Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content. ACM T Comput-Hum Int 26: 1‒28.
Adewumi OA, Akinyelu AA (2016) A hybrid firefly and support vector machine classifier for phishing email detection. Kybernetes 45: 977‒994.
Sami S, Nauman A, Li Z (2018) Detection of online phishing email using dynamic evolving neural network based on reinforcement learning. Decis Support Syst 107: 88‒102.
Zhao M, a B, Kiekintveld C (2016) Optimizing Personalized Email Filtering Thresholds to Mitigate Sequential Spear Phishing Attacks. In: Proceedings of 30th Association-for-the-Advancement-of-Artificial-Intelligence (AAAI) Conference on Artificial Intelligence 30: 658‒664.
Wang J, Li Y, Rao HR (2016) Overconfidence in Phishing Email Detection. J Assoc Inf Syst 17: 759‒783. 12. Williams EJ, Polage D (2019) how persuasive is phishing email? The role of authentic design, influence and current events in email judgements. Behav Inform Technol 38: 184‒197.
Ferreira A, Teles S (2019) Persuasion: How phishing emails can influence users and bypass security measures. Int J Hum-Comput St 125: 19‒31.
Seifollahi S, Bagirov A, Layton R, et al. (2017) Optimization Based Clustering Algorithms for Authorship Analysis of Phishing Emails. Neural Process Lett 46: 411‒425.
Canfield CI, Fischhoff B, Davis a (2019) Better beware: comparing metacognition for phishing and legitimate emails. Metacognition and Learning 14: 343‒362. 116 AIMS Electronics and Electrical Engineering Volume 5, Issue 1, 93–116.
Nowak J, Korytkowski M, Wozniak M, et al. (2019) URL-based Phishing Attack Detection by Convolutional Neural Networks. Aust J Intell Inf Process Syst 15: 60‒67
Wei W, Ke Q, Nowak J, et al. (2020) Accurate and fast URL phishing detector: A convolutional neural network approach. Comput Netw 178: 107275.
DZRO FVT-2, KYBERSILY. Project of faculty research: Cyber forces and resources. University of Defence, Faculty of Military Technologies, Brno, Czech Republic, 2021.
Hajgude, J., Ragha, L.: Phish mail guard: Phishing mail detection technique by using textualandURLanalysis.In:2012WorldCongressonInformationandCommunicationTechnolog ies, pp. 297–302 (2012)
Marchal,S.,Armano,G.,Grondahl,T.,Saari,K.,Singh,N.,Asokan,N.:OFf-the-Hook: AnEfficient and Usable Client-Side Phishing Prevention Application. IEEE Trans. Comput. 66(10), 1717– 1733 (2017)
Whittaker, C., Ryner, B., Nazif, M.: Large-Scale Automatic Classification of Phishing Pages4. Deng, L.: A TutorialSurvey of Architectures, Algorithms, andApplications for DeepLearning. APSIPA Trans. Signal Inf. Process. (2014)
Selvaganapathy, S., Nivaashini, M., Natarajan, H.: Deep belief network based detection andcategorization of malicious URLs. Inf. Secur. J. A Glob. Perspect. 27(3), 145–161 (2018)
Kitchenham,B.,PearlBrereton,O.,Budgen,D.,Turner,M.,Bailey,J.,Linkman,S.:Systematicliter ature reviews in software engineering – A systematic literature review. Inf. Softw. Technol. 51(1), 7–15 (2009)
Basnet, R., Mukkamala, S., Sung, A.H.: Detection of Phishing Attacks: A Machine Learning Approach. In Soft Computing Applications in Industry, pp. 373–383. Berlin, Heidelberg, Springer Berlin Heidelberg (2008)
Yuan, X.: PhD Forum: Deep Learning-Based Real-Time Malware Detection with MultiStageAnalysis. In 2017 IEEE International Conference on Smart Computing (SMARTCOMP), pp. 1–2 (2017)
Woodbridge, J., Anderson, H.S., Ahuja, A., Endgame, and D.G.: Detecting Homoglyph Attackswith a Siamese Neural Network 10. Saxe, J., Berlin, K.: eXpose: A Character-Level Convolutional Neural Network with Embeddings for Detecting Malicious URLs, File Paths and Registry Keys (2017)
Shima, K., et al.: Classification of URL bitstreams using Bag of Bytes (2018)
Vazhayil, A., Vinayakumar, R., Soman, K.: Comparative Study of the Detection of MaliciousURLsUsingShallowandDeepNetworks.In20189thInternationalConferenceonComp uting, Communication and Networking Technologies (ICCCNT), pp. 1–6 (2018
Epishkina, A., Zapechnikov, S.: A syllabus on data mining and machine learning with applications to cybersecurity. In 2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC), pp. 194–199 (2016)
Zhang, X., Zeng, Y., Jin, X.-B., Yan, Z.-W., Geng, and G.-G.: Boosting the phishing detectionperformance by semantic analysis. In 2017 IEEE International Conference on Big Data (Big Data), pp. 1063–1070 (2017)
Vanhoenshoven, F., Napoles, G., Falcon, R., Vanhoof, K., Koppen, and M.: Detecting maliciousURLs using machine learning techniques. In 2016 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1–8 (2016)
Chen, W., Zhang, W., Su, Y.: Phishing Detection Research Based on LSTM Recurrent NeuralNetwork, pp. 638–645. Springer, Singapore (2018)
Zhang,J.,Li,X.:PhishingDetectionMethodBasedonBorderline SmoteDeepBeliefNetwork,pp. 45–53. Springer, Cham (2017)
Yi, P., Guan, Y., Zou, F., Yao, Y., Wang, W., Zhu, T.: Web Phishing Detection Using a Deep Learning Framework. Wirel. Commun. Mob. Comput. 2018, 1–9 (2018)
Aksu, D., Turgut, Z., Üstebay, S., Aydin, M.A.: Phishing Analysis of Websites Using Classification Techniques, pp. 251–258. Springer, Singapore (2019)
Zhao, J., Wang, N., Ma, Q., Cheng, Z.: Classifying Malicious URLs Using Gated RecurrentNeural Networks, pp. 385–394. Springer, Cham (2019)
