Cyber Criminal’s Effective Human-Scale Methods

As we use publicly accessible services, whether it is an airline, a bank, or a government transaction – we are at the mercy of their data handling procedures and protocols. Such systems can be taken over or hacked from the inside and the outside, as many systems today are publicly connected to the Internet. We always leave a digital mark wherever we go in the online world, with online services of the various function get a slice of the information pie we provide.

No company too big that it cannot be a victim of cybercrime, as there is money to be made from personally identifiable information. In the age of Big Data, the soul of all for-profit company is using data itself, immeasurable with any currency that exists. As the world becomes more Internet-savvy, the public must cast a wary eye on emails that are delivered to their inboxes. Scam artists have a new creative outlet for attempting to gather information, and it is called phishing. As is the case with any scam, phishers use all the basic human needs and desires to manipulate victims; including fear and anxiety.

Phishing has been described as a type of social engineering with the goal of gaining confidential or sensitive information through the guise of a trusted source. The communications are not just limited to emails, however. Fraudulent links, websites, and other communications also put Internet users at risk. New scams continue to be developed and gain in sophistication. It is imperative that researchers find out as much information as possible regarding the underlying factors that contribute to a person falling victim to a phishing attack so that users can be educated in order to prevent future attacks.

Education is a key component of preventing phishing attacks. Helping to ensure end users remain cautious can directly reduce loss associated with mass attacks such as phishing. Those with advanced IT skills will be more likely to speak with their community regarding threats and be more apt to engage in protective activities. This research proposes that subjects without phishing training that receive phishing communications that are high in threat will accept the communications and fall victim to phishing attacks. Those subjects that receive phishing training and receive phishing communications that are low in threat will reject the communications and not fall victim to phishing attacks.

Whilst each antivirus vendor is continually promoting their product and releasing updates on an almost daily basis, consumers are still falling victim to malware attacks. One of the threats facing consumers is the constant evolution and revolution of malware and non-malware exploits such as phishing above. Registry changes can include disabling antivirus and firewall software and the Microsoft Windows update mechanism. Auto start capabilities are generally changes made to the registry to ensure that the malware is activated each time the computer is restarted. Security settings are often changed in the browser so that more malware can be downloaded from sites without warnings displayed to the user.

Whilst numerous factors may be important when choosing an antivirus product including ease of updates, support, and the user interface, but still, nothing defeats user-education.