
Evolution of Phishing

Table of Contents:
1. Summary
2. Origin
3. How it was used in the past
4. How it’s used in the present
5. How it’ll possibly be used in the future
6. Preventions
7. Conclusion
Summary
Phishing has been around for years. Even before modern technology, people used phishing-style methods to trick others, whether the target was a peasant on the street or a member of royalty. The general method is the same but has evolved with technology. Phishing scams are hard to defend against, as no program can be made to account for every human error. That is where the strength of phishing scams lies: regardless of how careful you try to be, one simple click by an employee paves the way to disaster. Thousands of companies and people have lost money to these scams. They have become more cunning and blend in far better than they used to, evolving from an obviously fake email to an SMS that deceives even cybersecurity specialists.
Origin
Originating in the late 90s, phishing emails became relevant once internet access became widely available to the public. America Online (AOL) was one of the largest internet service providers, which caught the attention of hackers, who saw AOL as a gold mine. Millions of unaware users, along with an internet that was still relatively young, made the perfect environment for hackers to take advantage. Thus the Warez Community formed, consisting of hackers with one motive: to scam as many AOL users as possible (History of Phishing).
Used in the Past
In the earlier years, phishing emails were still relatively easy to detect, but once sites like eBay, PayPal and Amazon were created, phishing emails became far more common. In 2001, a website called E-Gold opened. It allowed users to transfer E-gold (essentially a cryptocurrency) to other accounts. Hackers saw this as an opportunity to hit people's bank accounts and become rich. The website had a very weak verification system that allowed just about anyone to gain access to a user's account. Phishing emails rose tremendously, as there was no two-step verification or verification app to confirm who was accessing the account, and user accounts were drained of money. This was just the beginning: as companies became aware of phishing scams and implemented countermeasures, scammers adapted as well.
Around 2004, scammers started making fake domains that mimicked popular ones such as eBay and PayPal. They would then alert users via email that their credit card information needed to be updated. Unaware users were tricked, as the fake domain looked almost identical to the real one. Another tactic was popup windows: scammers would inject code into a real domain, and when a user visited it, a popup told them they had a virus. The user panicked and followed the steps, which typically involved entering credit card information or making a payment.
[Figure: example of a popup scam window. The average user still falls prey to these today; now imagine in the year 2004, when the internet was still new.]
Used in the Present
The tactics used in the past never left; they are still used today, just evolved to match current technology. The COVID pandemic pushed many users to become more dependent on technology, whether through an increase in gaming consoles, laptops or other devices, and a significant rise of technology was seen in households. Phishing scammers saw this opportunity just as they did with AOL; it simply became a question of who could come up with the best method. Phishing scams have evolved to consist not only of emails but also of SMS messages and messages sent through social media and gaming consoles. Phishing SMS messages look very realistic, so it is no surprise that many fall into their traps. They consist of elements that make even the technology literate do a double take to make sure the message is not a scam. In 2013, Target suffered a data breach caused by a phishing scammer tricking a user at a third-party client into entering their information. Who knows how realistic that email may have looked. The damage was severe, and millions of user credentials, such as credit card information, were leaked onto the black market. Another example is Rockstar Studios, the creator of GTA, which had the source code for an upcoming title leaked. This was due to a phishing scammer creating a false email that looked like a Slack notification. The email told the user to update their password; the scammer obtained the username and password and gained access to Slack. They proceeded to leak the source code of the upcoming title, GTA 6. This was a huge blow to Rockstar, as competitors can now mimic their game.
Although companies are more aware than ever of phishing scams, with dedicated cybersecurity awareness months and stricter verification processes, phishing scammers still find a way: they shift their demographics, targeting younger and older generations, as those two groups are the most vulnerable to phishing scams. It is a very simple algorithm. All they need to do is find social media sites with primarily older users, such as Facebook, and mass-send phishing messages. Out of the thousands sent, at least a dozen are all but guaranteed to fall for it. The same rule applies when targeting younger generations. In this case, a game like Roblox, which is aimed at younger people, is a breeding ground for phishing scammers. It is as simple as sending a message to a possible victim promising them the best gear if they follow a link and enter some information, and boom, you're in. It will only get worse as we become more dependent on technology.
Below are examples that I’ve personally encountered:
[Screenshot: example of a message sent to me. I did have a package on the way, but not through UPS.]
[Screenshot: I do not have an account with Citizens Bank.]
[Screenshot: I did not order a package at the time.]
[Screenshot: cleverly disguised as a bank notification; luckily, I don't have an account with Bank of America. Also, the domain name is from the Central African Republic.]
Possible Uses in the Future
As humanity pushes towards an even more technology-dependent future, phishing will become even more dangerous. With talk of the Metaverse, a virtual reality world that major companies such as Microsoft and Google are pushing for, our digital footprints and identities will be entirely online. This poses a threat, as it will be the next gold mine for phishing scammers. Instead of being an external threat through SMS or email, phishing will now live in the very world that our identity lives in. For example, a possible way to phish someone in the Metaverse could start from simply interacting with them: the scammer gives the user an item that is coded to take information from them, and once the user activates the item, their information can be stolen. The list goes on with how many ways phishing scammers could scam people through the Metaverse. These companies need to realize that phishing scams will occur at even higher rates than they do now once the Metaverse is implemented. Necessary precautions must be taken to prevent severe damage from occurring. If transactions are to occur over the Metaverse, then it must be ensured that scammers won't be able
Preventions
The best way to prevent phishing scams is to continuously educate people about them. Knowledge of how to spot phishing emails needs to be taught in schools so that children and teenagers understand how to identify them. When creating accounts with websites that store personal information, the user should take a short mandatory phishing course: something that takes a couple of minutes and ensures the user understands how to spot a phishing scam. This should mainly apply to sites that store personal information, such as banks and government websites. These methods will still not be 100% foolproof, and phishing scammers will still be able to find a way to scam users, but users should at least keep in mind that whatever message or email they open could lead to their identity being stolen.
Another way to prevent phishing is to implement pattern-based programs. These should take the domains most commonly associated with phishing scams and raise red flags when users receive messages from them. Users would also be able to report phishing scams that get through the program to help it recognize more patterns. Although there will be false alarms, that is better than letting a red flag through. Gmail currently has a system in place that is very similar to this idea, but it needs to be expanded to mobile carriers to help prevent phishing scams through SMS.
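As an added illustration of the pattern-based filter described above (example code written for this page, not taken from the essay's sources or from Gmail), the script below scores an SMS or email body by the red flags the essay itself points at: a link domain that imitates a well-known brand, a high-risk top-level domain such as the Central African Republic one behind the bank message, a link to a raw IP address, urgent wording, and a domain that other users have already reported. The brand list, the TLD list, the point values and the sample messages are all constructed for the demo and would need tuning before real use.

```python
import re
from urllib.parse import urlparse

# Constructed demo data: brands the filter protects and their genuine domains.
LEGITIMATE_DOMAINS = {"paypal.com", "ebay.com", "amazon.com", "ups.com", "bankofamerica.com"}
PROTECTED_BRANDS = {d.split(".")[0] for d in LEGITIMATE_DOMAINS}
# Top-level domains treated as higher risk in this demo (.cf is the Central African Republic).
SUSPICIOUS_TLDS = {"cf", "tk", "ml", "ga", "gq"}
# Wording that pressures the reader into acting before thinking.
URGENCY_PHRASES = ("verify", "suspended", "update your password", "act now")
# Domains users have reported: the feedback loop the essay describes.
REPORTED_DOMAINS = set()

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
# Digits commonly swapped in for letters to build a lookalike (amaz0n, paypa1).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def levenshtein(a, b):
    """Edit distance; catches one-character typo-squats of a brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the host (a simplification; real filters use the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def imitated_brand(domain):
    """Return the protected brand a domain imitates, or None if it is genuine or unrelated."""
    if domain in LEGITIMATE_DOMAINS:
        return None
    label = domain.split(".")[0].translate(HOMOGLYPHS)
    for token in label.split("-"):
        for brand in PROTECTED_BRANDS:
            if token == brand or (len(brand) >= 5 and levenshtein(token, brand) <= 1):
                return brand
    return None


def score_message(text):
    """Score one SMS/email body; three or more points raises the red flag."""
    score, reasons = 0, []
    if any(p in text.lower() for p in URGENCY_PHRASES):
        score += 1
        reasons.append("urgent wording")
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        domain = registrable_domain(host)
        tld = domain.rsplit(".", 1)[-1]
        if domain in REPORTED_DOMAINS:
            score += 5
            reasons.append(f"{domain} reported by users")
        brand = imitated_brand(domain)
        if brand:
            score += 3
            reasons.append(f"{domain} imitates {brand}")
        if tld in SUSPICIOUS_TLDS:
            score += 2
            reasons.append(f"high-risk TLD .{tld}")
        if IPV4_RE.fullmatch(host):
            score += 2
            reasons.append("link points at a raw IP address")
    return {"verdict": "flag" if score >= 3 else "allow", "score": score, "reasons": reasons}


def report_phishing(text):
    """User report: every link domain in the message joins the block list."""
    for url in URL_RE.findall(text):
        REPORTED_DOMAINS.add(registrable_domain(urlparse(url).hostname or ""))


# Constructed sample messages modelled on the kinds of texts shown in the essay.
SAMPLE_MESSAGES = [
    "UPS: your package is waiting, confirm delivery at http://ups-delivery-notice.cf/track",
    "Your Bank of America account is suspended, verify now at https://bankofamerica-alerts.com/login",
    "Your Amazon order has shipped: https://www.amazon.com/orders",
    "Lunch at noon? Menu: https://example.org/menu",
    "Claim your reward at https://rewards-portal.net/claim",
    "Verify your account: http://203.0.113.5/login",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(score_message(msg))
    report_phishing(SAMPLE_MESSAGES[4])      # a user reports the reward message ...
    print(score_message(SAMPLE_MESSAGES[4]))  # ... and the same domain is now flagged
```

The reward message shows the trade-off the essay accepts: with no lookalike, no odd TLD and no urgency it passes on first sight and is caught only after a report, while the urgent message pointing at a bare IP address is flagged on wording plus link shape alone. Tightening the thresholds raises the false-alarm rate the essay mentions; loosening them lets more red flags through.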
Mandating two-factor authentication is currently one of our strongest defenses against phishing scams, since the scammer cannot access the account with just the user's credentials; they also need to verify with a third-party verification app like Duo. Two-factor needs to be enforced across all sites and apps. The number of phishing scams will be reduced tremendously, since scammers will also need to get through the second step.
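To make that second step concrete, here is an added example (written for this page, not code from the essay or from Duo) of the RFC 6238 time-based one-time passwords that authenticator apps generate, together with a login routine that refuses a correct password unless a fresh code accompanies it. The demo account, its password and the salt are constructed values; the shared secret is the RFC 6238 test key, so the codes can be checked against the vectors published in that RFC.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test secret (ASCII "12345678901234567890" in base32).  The salt is a
# constructed constant so the demo is reproducible; production code uses a random salt per user.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
DEMO_SALT = b"demo-salt-not-for-production"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HMAC-SHA1 one-time password for a given counter value."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation picks 4 bytes out of the digest
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, at_time=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the current 30-second time step."""
    at_time = time.time() if at_time is None else at_time
    return hotp(secret_b32, int(at_time // step), digits)


def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000)


# Server-side account store (constructed).  last_counter records the newest time step
# whose code was accepted, so an intercepted code cannot be replayed.
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse"),
        "totp_secret": DEMO_SECRET,
        "last_counter": -1,
    }
}


def login(username, password, code, now=None, step=30, skew=1):
    """Return (ok, reason).  A stolen password alone never produces ok=True."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(hash_password(password), user["pw_hash"]):
        return False, "bad credentials"
    if code is None:
        return False, "second factor required"
    now = time.time() if now is None else now
    counter = int(now // step)
    # Accept the current step plus `skew` steps either side to tolerate clock drift ...
    for c in range(counter - skew, counter + skew + 1):
        if c <= user["last_counter"]:
            continue  # ... but never a step at or before one already used (replay)
        if hmac.compare_digest(hotp(user["totp_secret"], c), code):
            user["last_counter"] = c
            return True, "ok"
    return False, "bad or reused code"


if __name__ == "__main__":
    t = 59  # RFC 6238 test time; the 6-digit code at this step is 287082
    print(totp(DEMO_SECRET, at_time=t))
    print(login("alice", "correct horse", None, now=t))      # password alone: rejected
    print(login("alice", "correct horse", "287082", now=t))  # password + fresh code: accepted
    print(login("alice", "correct horse", "287082", now=t))  # same code again: rejected
```

Two design points matter for the essay's argument. The replay check is what turns a 30-second code into a true second factor: a code that was already used is dead even inside its time window. The caveat a practitioner adds is that a code typed into a lookalike page can still be relayed to the real site within that window, so TOTP raises the bar exactly as the text says but does not remove it; origin-bound factors such as FIDO2 security keys are what close that remaining gap.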
None of these methods are 100% successful, as human error can always occur. At the very least, these methods will bring us very close to that 100%.
Conclusion
Phishing scams aren't going anywhere. Phishing scammers have always existed and will continue to exist, so as long as there are users on the web, there will be phishing scammers. As we progress forward, so should our awareness of these scammers. More preventions need to be embedded, but human ignorance is the worst enemy, as no number of preventions can protect against ignorance of phishing scams.
Sources
PhishProtection.com. (2021, October 25). History of phishing: How phishing attacks evolved from poorly constructed attempts to highly sophisticated attacks. Retrieved November 28, 2022, from https://www.phishprotection.com/resources/history-of-phishing/
KnowBe4. (n.d.). History of phishing. Phishing.org. Retrieved November 28, 2022, from https://www.phishing.org/history-of-phishing