Header Credit: Pixabay
Is phishing evil? well, mostly, yes. Let me explain:
What is Phishing?
Cisco Systems, an American technology company operating worldwide, best known for its computer networking products, tells us that phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source, usually taking advantage of a user’s possible lapse in decision-making.
Thus it is amongst the oldest forms of social engineering: tricking someone into giving something they have or something they know, to be used maliciously. Today, this kind of attack usually is performed by email, either to steal sensitive information or install malwares on the victim’s computer, maybe even the company’s server.
Why is it dangerous?
To adequately protect useful information an array of countermeasures must be deployed to prevent unauthorized access. That, if left unchecked, may weaken many systems. Such compromised systems pose a great risk to the company (or society) that depends on them.
Servers that control the power grid, water system, traffic control, emergency response or police enforcement are some of the critical systems that may be rendered unavailable if a phishing attack is let through.
Down to the personal level, a phishing attack may steal personal information and credentials so an attacker may impersonate the victim on online purchases or social media posts, denting the victim’s reputation.
How to prevent | mitigate?
It depends on who the attacker is. The simplest form of phishing has been relatively suppressed by technological means, like spam filtering pre-sets. These are easy to prevent with updated systems.
More sophisticated forms of phishing are hard to be interrupted by technology alone and will continue to succeed regardless. Only a continuous effort in education may prevent these high customized phishing attacks.
Finally, technical proficiency is a factor in cybercrime victims. Low complexity attacks may be preventable with tech and will mostly target many people. High complexity attacks may be halted with education, making less technical proficient victims more prone to these attacks.
Come again, is it evil?
Mostly, yes. In the summary of “Introduction to Homeland Security: Understanding Terrorism Prevention and Emergency Management”, McEntire urge us to recognize the possible devastation that may result if nuclear weapons are acquired by terrorist. In that case, would phishing those terrorists be evil? Would it not? I let you decide.
Are your credentials REALLY secured? | Credit: Tima Miroshnichenko
- Cisco [online]. Available at: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html (Accessed: 22 February, 2021);
- Encyclopaedia Britannica [online]. Available at: https://www.britannica.com/topic/Cisco-Systems-Inc (Accessed: 22 February, 2021);
- Ghazi-Tehrani, A.K. and Pontell, H.N., 2021. Phishing Evolves: Analyzing the Enduring Cybercrime. Victims & Offenders. [online]. Available at: https://www.tandfonline.com/doi/full/10.1080/15564886.2020.1829224?scroll=top&needAccess=true (Accessed: 22 February, 2021);
- Image by Tima Miroshnichenko (2020) [online] Pexels. Available at: https://www.pexels.com/photo/woman-in-black-hoodie-holding-camera-5380665 (Accessed: 24 February 2021);
- Image Header by Pixabay (2016) [online] from Pexels. Available at: https://www.pexels.com/photo/application-blur-business-code-270408/ (Accessed: 23 February 2021);
- ISO 27.000 Family [online]. Available at: https://www.iso.org/search.html?q=27000&hPP=10&idx=all_en&p=0&hFR%5Bcategory%5D%5B0%5D=standard (Accessed: 22 February, 2021);
- Microsoft Support [online]. Available at: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44 (Accessed: 22 February, 2021);
- Ramadan, R.A., Aboshosha, B.W., Alshudukhi, J.S., Alzahrani, A.J., El-Sayed, A. and Dessouky, M.M., 2021. Cybersecurity and Countermeasures at the Time of Pandemic. Journal of Advanced Transportation, 2021. [online]. Available at: https://www.hindawi.com/journals/jat/2021/6627264/tab3/ (Accessed: 22 February, 2021);
- Security mistakes [online]. Available at: https://www.computerworld.com/article/2582953/top-10--security--mistakes.html (Accessed: 22 February, 2021);
- Summary of Introduction to Homeland Security [online]. Available at: https://books.google.com.br/books?id=CdJoDwAAQBAJ&pg=PA337&lpg=PA337&dq=%22phishing+terrorism%22&source=bl&ots=Gm0XHBHMd0&sig=ACfU3U3g8ELamn52YWnvNTymTMijwQSRzQ&hl=en&sa=X&ved=2ahUKEwj14YrYyP7uAhV4F7kGHUrJBAcQ6AEwBXoECAkQAw#v=onepage&q=%22phishing%20terrorism%22&f=false (Accessed: 22 February, 2021).