Explore chapters and articles related to this topic
IoT Security Frameworks and Countermeasures
Published in Stavros Shiaeles, Nicholas Kolokotronis, Internet of Things, Threats, Landscape, and Countermeasures, 2021
G. Bendiab, B. Saridou, L. Barlow, N. Savage, S. Shiaeles
Phishing is a kind of cyber-threat in which cybercriminals try to steal sensitive information (e.g., login credentials and credit card numbers) or install malware on the victim devices using deceptive e-mails, websites, or text messages [13]. Phishers typically employ social engineering techniques to masquerade as trusted entities, gaining the trust of the victims and duping them into opening malicious emails (“malspam”) or text messages (“spoofs”) that imitate a person or a trusted organization (e.g., bank, government office, etc.) [14]. The recipient is then tricked into clicking a malicious link, which can lead to damaging losses in terms of identity theft, sensitive intellectual property and customer information, and even national-security secrets [14]. It can also lead to locking a system as part of a ransomware attack or installing malware that can be used by cybercriminals for conducting further attacks like DDoS.
Digital Transformation and the Cybersecurity of Infrastructure Systems in the Oil And Gas Sector
Published in Edward Ochieng, Tarila Zuofa, Sulafa Badi, Routledge Handbook of Planning and Management of Global Strategic Infrastructure Projects, 2020
Another type of attack targets the network boundary (or nodes). Here vulnerability and attacks occur when there are multimedia and smartphone device interfaces integrated into the network. Another factor is that the network could run weak defences such as firewalls and intrusion detection/prevention systems (IDS/IPS). IDS/IPS are controls that analyse and monitor network traffic for abnormal behaviour and deny any traffic based on a security profile (Radmand et al., 2010). Moreover, phishing attacks where an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party are also increasing (Jagatic et al., 2007, p. 94). Phishing typically involves a malicious email campaign that encourages the victim to click a link, sign into a spoof website, or provide confidential financial information. Therefore, oil and gas organisations need to focus their effort on counteracting such attacks (Chen et al., 2016).
Security Threat Analysis and Prevention towards Attack Strategies
Published in Gautam Kumar, Dinesh Kumar Saini, Nguyen Ha Huy Cuong, Cyber Defense Mechanisms, 2020
Phishing is a message-based (especially electronic mail) threat which consists of tricking the end-user into exposing private data or luring them to download malicious software by following a link sent with the email. The email is drafted in a way to make the recipient believe the source and trust the sending entity. Once the recipient is lured into the content, they are coaxed into providing private information or forced to download malware onto the target’s computer. A common example is a mail containing a prize-winning notification and requesting bank details for follow-up on receiving the winnings.
Simulated Phishing Attack and Embedded Training Campaign
Published in Journal of Computer Information Systems, 2022
William Yeoh, He Huang, Wang-Sheng Lee, Fadi Al Jafari, Rachel Mansson
Phishing attacks are causing multibillion-dollar losses to businesses and individuals [1]. Phishing is the process of attempting to obtain valuable information, such as login credentials and credit card details, and can result in prominent payoffs for cybercriminals in terms of money or valuable data [2]. Most people have at least one online account that contains sensitive data, such as financial, health, or personal information (Olmstead and Smith [3]). Since the COVID-19 pandemic, the threat of phishing has become even more serious because the distractions of home offices can make employees more susceptible to phishing e-mails. Recently, three higher education institutions in the United States were targeted by cybercriminals using ransom tactics [4]. Many of these ransomware attacks began with a phishing e-mail [4].
Phish Me, Phish Me Not
Published in Journal of Computer Information Systems, 2022
Bartlomiej Hanus, Yu Andy Wu, James Parrish
Phishing is an act of sending a forged e-mail (e.g., using a bulk mailer) to an individual or a group of individuals, in which a phisher (i.e., a person who sets up a phishing scam) attempts to lure their victim into disclosing private information, such as credit card numbers, logins, passwords, etc. Typically, the fake e-mail closely imitates a legitimate entity to gain the recipient’s trust [1]. More recently, phishing campaigns tend to also include links to malware, in addition to traditional credential harvesting [2]. Experts agree that phishing remains an unresolved headache for most organizations [3–6]. According to the State of the Phish report [7], 76% of that study’s participants have experienced phishing attacks, with small organizations, rather than large ones, being the more likely targets of attacks [8].
Employees’ Behavior in Phishing Attacks: What Individual, Organizational, and Technological Factors Matter?
Published in Journal of Computer Information Systems, 2021
Hamidreza Shahbaznezhad, Farzan Kolini, Mona Rashidirad
Information security and cybersecurity are amongst the biggest concerns in the organizational and societal context. Organizations and individuals substantially invest in security safeguards to protect the integrity, availability, and confidentiality of information assets. However, recent studies confirmed that these safeguards are not adequate to provide the ultimate protection of sensitive and confidential information [1]. According to the Verizon Data Breach Investigation Report (DBIR) [2], over 30% of breaches are caused by phishing attacks, and the cost of ransomware is estimated at over USD 8 billion globally. A phishing attack, as a social engineering technique, is designed to bypass technical countermeasures by using e-mails, social networks, or search engine poisoning and mobile apps [3]. Phishing attacks exploit the target’s cognitive biases, motivate them to rely on their heuristic behaviors, and persuade targets to act by creating a sense of urgency, fear of loss, or importance. Phishing e-mails are often crafted carefully to convince individuals to visit a bogus website, which can lead to a harvest of sensitive information (e.g., login credentials, credit card numbers) or installation of malware, ransomware, or a remote access tool [4].