By: Valerie Boscia

PHISHING

PHISHING OVERVIEW

• Pronounced “fishing”

• To Phish: defined by the Oxford English Dictionary as “To perpetrate a fraud on the internet in order to glean personal information from individuals, esp. by impersonating a reputable company; to engage in online fraud by deceptively ‘angling’ for personal information”.

ORIGINS

• The first recorded instance of phishing occurred in 1995 through America Online (AOL).

• The phishers involved would pretend to be AOL workers notifying users of their need to update their billing information.

• Users would send these phony administrators their personal information and in turn be submitted to fraudulent activity.

EVOLUTION OF PHISHING

• With the improvement of technology also came the improvement of phishing scams.

• Between 2003-2005, the amount of phishing scams being sent out increased greatly.

• Banks and other financial institutions began to be framed which caused distrust in their customers.

• Patrons would receive emails (seemingly) from their banks requiring validation of account information, and instantly be victimized by phishers.

LATEST PHISHING SCHEME

• In 2015, the FBI revealed the most recent phishing scheme that has been sent out.

• Called “the Business Email Compromise (BEC)”

• Phishers impersonate highly ranked corporate executives belonging to companies, and send personalized emails to workers who have access to financial accounts of the business.

• They ask for urgent wire transfers, and the workers rush to get it done due to the importance of the executive being impersonated.

HOW TO PREVENT THE BEC

• Companies can require a dual-step authentication when a request for monetary transfer is filed.

• The person contacted to transfer the money can contact the executive requesting the transfer via a known email or phone call, to make sure that it is a legitimate request.

OTHER FORMS OF PHISHING PREVENTION

• Check for spelling or grammatical errors. When major companies send out mass emails they have a team of staff members proofread them so they do not usually contain errors of these sorts.

• Hover over any links in the email with the cursor, and the link that appears will show the true destination. If it does not match the initial link or pertain to the legitimate company website, it is most likely spam.

• Beware of links with .exe file extensions, as these are known to contain malicious software.

PREVENTION CONTINUED

• Download accessible security that is available online or as toolbars on internet browsers.

• Never reply to phishing emails, call phone numbers listed within them, or click links contained within them.

• Always delete emails right away when it is discovered that they are a phishing scam.

REFERENCES• Abbasi, Ahmed, Fatemeh “Mariam” Zahedi, Daniel Zeng, Yan Chen, Hsinchun Chen,

and Jay F. Nunamaker. 2015. "Enhancing Predictive Analytics for Anti-Phishing by Exploiting Website Genre Information." Journal Of Management Information Systems 31, no. 4: 109-157. Computer Source, EBSCOhost (accessed December 1, 2015).

• Akerlof, George A., and Robert J. Shiller. 2015. Phishing for phools : the economics of manipulation and deception. n.p.: Princeton : Princeton University Press, [2015], 2015. Penfield Library Catalog, EBSCOhost (accessed December 1, 2015).

• James, Lance, and Joe Stewart. 2005. Phishing exposed. n.p.: Rockland, MA : Syngress, c2005., 2005. Penfield Library Catalog, EBSCOhost (accessed December 1, 2015).

REFERENCES (CONT)• "How to Recognize Phishing Email Messages, Links, or Phone Calls." What Is

Phishing. 2014. Accessed December 3, 2015. https://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx.

• "Phishing | OnGuard Online." Phishing | OnGuard Online. September 1, 2011. Accessed December 3, 2015. https://www.onguardonline.gov/phishing.

• Rabkin, Jeff, Shireen M. Becker, Jonathan Little, Sheila L. Shadmand, Rasha Gerges Shields, Gregory P. Silberman, and Olivier Haas, et al. 2015. "Phishing for Corporate Dollars: The Emerging Global Threat Posed by Spear Phishing and Business Email Compromise." Venulex Legal Summaries 1-6. Business Source Complete, EBSCOhost (accessed December 1, 2015).