THE PROBLEM OF PHISHING AND ITS IMPACT ON AMERICAN BUSINESSES

Subject: Report on the problem of phishing and its impact on American Businesses

Phishing problems and their impact on American businesses within the United States are discussed herein. Phishing attacks continue to increase because of the increased use of technological innovations, both economically and technologically. Some of the considerable resources required for executing such attacks are easily accessible within the public and private sectors. Besides, it is essential to note that the internet’s uptake and use continue to increase significantly each day, making it easier for people to share their details online. Therefore, much personal information, along with people’s financial transactions, is exposed to cybercriminals. Phishing attacks form part of the intricate web of cybercrime, enhancing criminal activities through deception and data theft. Since the first incidence of phishing in the early 1990s, the crime has evolved into a sophisticated attack.

Today, phishing is considered the most common and vicious cybercrime. The subsequent effects of phishing include the severe loss of personal information and loss of data by companies and government institutions. This report seeks to identify the phishing problem and its impact on American businesses using primary and secondary sources.

This report was developed to discuss and analyze the phishing problem and its impact on American businesses. The results from the research undertaken herein assert that phishing continues to be a significant problem affecting individuals and organizations. The research findings are categorized into four categories:

  • Phishing definition and why it is a problem
  • Impacts on American businesses
  • Common characteristics associated with phishing
  • Tackling phishing.

 

Thank you for taking the time to read the report. In case of any questions, please feel free to contact me by phone at 920-850-5269 or by email at 300075790@fvtc.edu.

Sincerely,

Elijah

TABLE OF CONTENTS

EXECUTIVE SUMMARY

INTRODUCTION

BACKGROUND

DISCUSSION OF FINDINGS

Phishing definition and why it is a problem

Why is it a problem?

Phishing impacts on American businesses

Financial loss

Intellectual property loss

Reputation damage

Business disruptions

Common characteristics associated with phishing

Countermeasures for dealing with phishing attacks

Human education

Technical solutions

CONCLUSIONS AND RECOMMENDATIONS

WORKS CITED

LIST OF FIGURES

EXECUTIVE SUMMARY

The digital environment continues to expand and evolve, and so do cybercriminals, who have harmed many individuals over the years via the illicit exploitation of various digital assets and variables. Identity theft is one of the most popular kinds of cybercrime among internet users; it involves impersonating others to obtain their personal information. Cybercriminals have advanced their modes of information-stealing by introducing social-engineering techniques. Phishing attacks are the most common form of social engineering and have become the biggest concern for most internet users because of their susceptibility to losing their sensitive personal information. In phishing, most executors of the attacks rely on various techniques to redirect their users to websites that can easily be manipulated using embedded links.

The data provided within this report were extracted from various peer-reviewed academic journals and articles. Most of the pieces of literature were retrieved from accredited websites. The statistical data presented herein were collected from recently published journal articles. The paper limited the research to articles and journals published from 2018 onwards.

The results from the research undertaken herein assert that phishing continues to be a significant problem affecting individuals and organizations. The research findings are categorized into four categories: (a) Phishing definition and why it is a problem, (b) impacts on American businesses, (c) common characteristics associated with phishing, and (d) tackling phishing.

The analysis of information within the report on the problem of phishing and its impact on American businesses led to the following conclusions and recommendations:

  • Phishing attacks are the most common form of social engineering and have become the biggest concern for most internet users because of their susceptibility to losing their sensitive personal information. In phishing, most executors of the attacks rely on various techniques to redirect their users to websites that can easily be manipulated using embedded links. Also, attackers could use other mediums to undertake the attacks, such as Voice over IP, short messages, and instant notifications.
  • Phishing is considered a real-life problem because it affects individuals and organizations directly, making them more vulnerable, exposing their employees and attacking all their existing malware protection measures. Phishing bypasses all existing measures making it possible for cybercriminals to gain access to personal and confidential information globally.
  • When an organization experiences a phishing attack, monetary costs and loss are the first impacts and unfortunate effects. The direct monetary losses recorded because of phishing are proportionate to the attack’s impact on customers’ information.
  • Phishing attacks often result in intellectual property losses because of a successful phishing campaign. During a phishing attack, trade secrets, formulas and new developments are all compromised.

INTRODUCTION

Many people, organizations and consumers have embraced online commerce in recent years, making them susceptible to cyber-attacks such as phishing. Okpa et al. (462) note that phishing is stealing or taking people’s information to defraud them of their hard-earned money. Phishing has become a significant criminal act globally. Much progress has been made in recent years in identifying threats and enlightening organizations and consumers on existing countermeasures. However, there is an increase in phishing attacks, especially in the modes of attack and the complexity of their activities. It is also imperative to note that phishing negatively affects businesses and the country’s economy because of significant financial losses experienced by various organizations and consumers. Furthermore, there is decreased confidence in the use of e-commerce platforms.

Phishing attacks continue to increase because of the increased use of technological innovations, both economically and technologically. Some of the considerable resources required for executing such attacks are easily accessible within the public and private sectors. Besides, it is essential to note that the internet’s uptake and use continue to increase significantly each day, making it easier for people to share their details online (Kolley, 2). Therefore, much personal information, along with people’s financial transactions, is exposed to cybercriminals. Phishing attacks form part of the intricate web of cybercrime, enhancing criminal activities through deception and data theft. Since the first incidence of phishing in the early 1990s, the crime has evolved into a sophisticated attack.

Today, phishing is considered the most common and vicious cybercrime. The subsequent effects of phishing include the severe loss of personal information and loss of data by companies and government institutions. This report seeks to identify the phishing problem and its impact on American businesses using primary and secondary sources.

This report was developed to discuss and analyze the phishing problem and its impact on American businesses. The report seeks to focus on the following questions:

  • What is phishing?
  • What are some real-world phishing examples?
  • How do we tackle the issue of phishing?
  • What is the prevalence of phishing?
  • What are the impacts of phishing on American businesses?
  • How do you deal with phishing?

BACKGROUND

The digital space continues to expand and evolve, and so do cybercriminals who, over the years, have relied on the illegal application of various digital assets and factors to cause harm to multiple people. According to Esmat et al. (791), one of the most prevalent forms of cybercrime among internet users is identity theft: impersonating other people with the intention of stealing their personal information. Kumar et al. (486) note that cybercriminals have advanced their modes of information-stealing by introducing social-engineering techniques. Phishing attacks are the most common form of social engineering and have become the biggest concern for most internet users because of their susceptibility to losing their sensitive personal information. In phishing, most executors of the attacks rely on various techniques to redirect their users to websites that can easily be manipulated using embedded links. Also, attackers could use other mediums to undertake the attacks, such as Voice over IP, short messages, and instant notifications.

Most victims of such social engineering techniques lack formal training or knowledge of internet use and are unaware of technical vulnerabilities. Moreover, internet users’ susceptibility varies based on their attributes and phishing awareness levels. Therefore, it suffices to note that phishers exploit the human aspect of internet use to hack and obtain personal information using intricate technologies. Thus, even though most cases of phishing attacks are attributed to the human element, technology also plays a critical part in their prevalence (Kumar et al., 486). Besides, various characteristics and attributes of people make them susceptible to being lured. For example, greediness and the tendency to obey multiple rules make them easy victims of various phishing attacks.

Attackers use multiple channels to lure most of their victims into the scams, both directly and indirectly. Most of these channels make it easy for them to access various sensitive and personal information. Besides financial losses, phishing attacks could cause reputational damage and security compromises. Cybercrimes, including phishing attacks, cost up to $6 trillion in annual losses (Esmat et al., 792). Even though phishing attacks are common within organizations, they also affect individuals. They usually result in the loss of reputation, reduced productivity levels, and increased costs in recovering the lost information and reputation.

The data provided within this report were extracted from various peer-reviewed academic journals and articles. Most of the pieces of literature were retrieved from accredited websites. The statistical data presented herein were collected from recently published journal articles. The paper limited the research to articles and journals published from 2018 onwards.

DISCUSSION OF FINDINGS

The results from the research undertaken herein assert that phishing continues to be a significant problem affecting individuals and organizations. The research findings are categorized into four categories: (a) Phishing definition and why it is a problem, (b) impacts on American businesses, (c) common characteristics associated with phishing, and (d) tackling phishing.

Phishing definition and why it is a problem

There are various definitions of phishing; as such, the concept is unclear because it keeps evolving. Kumar et al. (486) define phishing as the process of lying or tricking someone into undertaking a desired course of action, both in action and its use. Kolley (3) believes that phishing can only occur through a website. Okpa et al. (462) define phishing as an online form of theft that seeks to steal information using their passwords through social skills. On the other hand, Rendall (4540) defines phishing as a criminal act combining social and technical social engineering skills to commit an offense. The figure below depicts the actual process of phishing attacks.

Figure 1: The process of phishing.

As depicted in the figure above, phishing occurs in various stages, beginning with collecting data or information about the primary target in the provided case. After that, the phisher or attacker chooses a specific method that they want to use to initiate their attack. After collecting data, the second phase involves preparation to undertake the attack through existing vulnerabilities that can trap the victim (Thomas, 5).

Some notable phishing attacks include the following instance where an attacker intended to undertake an attack through the victim’s mailbox. In the screenshot illustrated below, the phisher used disguised messages of importance to trick the victim into divulging their secret personal information. The email, in this case, had an embedded URL link that opened another website or link (Kolley, 4).

Figure 2: A real-life example of phishing.

Why is it a problem?

Phishing is considered a real-life problem because it affects individuals and organizations directly, making them more vulnerable, exposing their employees and attacking all their existing malware protection measures. Phishing bypasses all existing measures making it possible for cybercriminals to gain access to personal and confidential information globally. According to Kumar et al. (486), phishing is one of the most common forms of cybercrime today, with its frequency increasing significantly from 114,702 reported cases in 2019 to 241,324 in 2020. According to Miranda (5), there are more phishing complaints today than in recent years.

Similarly, Esmat et al. (791) note that the frequency and number of phishing attacks continue to increase. For instance, in 2013, the RSA security organization reported that up to 450,000 phishing websites accounted for $5.9 billion in losses. Ever since then, the number of phishing attacks and cases has increased significantly to account for more financial losses within the business environment.

Phishing impacts on American businesses

Phishing attacks impact American businesses and organizations in various ways. The impacts on the organizations vary based on the size of the organization and the volume of information they have. Some notable impacts of phishing attacks include intellectual property loss, financial loss, reputation damage and business disruption.

Financial loss

When an organization experiences a phishing attack, monetary costs and loss are the first impacts and unfortunate effects. The direct monetary losses recorded because of phishing are proportionate to the attack’s impact on customers’ information. Thomas (9) notes that there is always a financial hemorrhage or loss from every phishing attack. First, there is the direct loss of money by customers who were duped by the attackers into sending money. Also, there are fines for organizations that do not comply with the regulatory bodies’ requirements for safeguarding personal information (Al-Fayoumi et al., 488). The other factors that result in money loss are fines and costs involved in investigations to determine the breach within the organization and compensation of customers who were easily duped into losing their money. According to a Crimes Report, as of 2018, phishing attacks accounted for up to $1.2 billion in losses (Miranda, 4).

Intellectual property loss

Besides financial losses, phishing attacks often result in intellectual property losses because of a successful phishing campaign. During a phishing attack, trade secrets, formulas and new developments are all compromised (Miranda, 5). Technological or research companies stand to lose their projects and drug patents through phishing attacks. That means the loss of millions in research money and expenditures. The loss of intellectual property rights is the most damaging of all the losses because while one can recover from a financial loss, losing billions in projects and research is hard to recover from.

Reputation damage

Most organizations are usually reluctant to state that they have experienced a phishing attack because of the level of damage it has on their reputation. That is more common when it involves a malicious bug. Phishing attacks normally take time to deal with or rectify. Bugs force organizations to go offline or shut down to restore various systems, which could ultimately result in decreased productivity levels. Most organizations refrain from stating that they just had an attack because disclosing such information will cause harm to their brand image and damage customers’ trust in the organization (Thomas, 10). Once customers lose confidence in the organization, it will not be easy for them to restore it and create value in the brand. It is also imperative to note that such attacks will push investors away, harming their reputations greatly. With both damages to the organization and the customers, phishing attacks could ultimately result in losing millions of dollars in capitalization.

Business disruptions

As mentioned earlier, phishing attacks of any kind cause business disruptions. It is not easy for an organization to keep running after it has experienced any form of phishing attack, more so when it involves a malicious bug. The bug forces the organization to shut down and operate offline to eliminate the bug. The shutdown process reduces the employees’ productivity levels because they become idle while waiting for the organization to deal with the bug (Al-Fayoumi et al., 490). The business interruption affects logistics, transportation, and the organization’s critical infrastructures.

Common characteristics associated with phishing

Phishing attacks share a number of common characteristics. These characteristics were mostly picked from repeated phishing attacks targeting American businesses. Some common characteristics of phishing include a sense of urgency, requests for interaction away from the recipient’s mail, and emails that are often considered or classified as important (Miranda, 6). Essentially, such emails are disguised as coming from important organizations. The emails often contain embedded links that request some form of payment or various transactions to obtain the victims’ bank information and details. The messages and phishing techniques always demand attention from the victims.

Some of the common impersonation techniques used in phishing attacks involve targets on asset inventories, changes to human health benefits, and security alerts on and off Twitter, as well as requests to update email addresses for subscriptions, confirmations of payments and security upgrade requests.

 

Figure 3. Common techniques used for phishing attacks.

Countermeasures for dealing with phishing attacks

A range of countermeasures can be used to overcome various problems and issues of phishing, but no single one is considered the sole solution to the problems. Some of the notable solutions include human education and the application of various technical solutions.

Human education

Human education plays a critical role in preventing future phishing attacks. Through education, humans are trained and enlightened on existing or emerging forms of phishing attacks within the business environment. Thomas (2) notes that end-user education is important in reducing susceptibility to phishing attacks. Complementing human education with the application of technical solutions helps combat recurring attacks. Given that most phishing attacks are perpetrated because of human error, it is important to educate users about phishing. The proposed technical approach to educating the user is the intervention of human learning within a cybersecurity program to help introduce the user to various awareness programs.

Technical solutions

There are two classes of technical solutions: content-based approaches and non-content-based approaches. Both offer suitable solutions to the issue of phishing attacks. Non-content-based approaches use blacklists and whitelists, whereas content-based solutions focus more on text, images, and JavaScript. Other solutions within this category include using techniques to detect the attack, preventing it from reaching users’ systems, and adopting corrective techniques to deal with compromises.
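An added example, not part of the original report: the two classes described above applied to one HTML email body in Python, with non-content-based blacklist and whitelist lookups on each link's host and content-based checks on the link text and the urgency wording named earlier as a common characteristic. The domain lists, the urgency phrases and both sample messages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists for illustration; real ones come from curated feeds.
BLACKLIST = {"login-verify.example.net"}
WHITELIST = {"example.com"}
URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|suspended|verify your account)\b",
    re.IGNORECASE)
LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$",
                            re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def in_list(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def assess(html_body):
    """Return the findings for one HTML email body (empty list = none)."""
    findings = []
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = host_of(href)
        if not host:  # relative or empty link: nothing to look up
            continue
        # Non-content-based: list lookups on the link destination.
        if in_list(host, BLACKLIST):
            findings.append(f"blacklisted host: {host}")
        elif not in_list(host, WHITELIST):
            findings.append(f"host not on whitelist: {host}")
        # Content-based: visible text shows one host, the href leads to another.
        if LOOKS_LIKE_URL.match(text):
            shown = host_of(text)
            if shown and shown != host:
                findings.append(f"link text {shown} points to {host}")
    # Content-based: urgency wording in the message text (tags stripped).
    plain = re.sub(r"<[^>]+>", " ", html_body)
    hits = sorted({m.group(0).lower() for m in URGENCY.finditer(plain)})
    if hits:
        findings.append("urgency wording: " + ", ".join(hits))
    return findings

# Constructed sample messages.
SAMPLE_PHISH = ('<p>URGENT: your account will be suspended. '
                'Verify your account immediately.</p>'
                '<a href="http://login-verify.example.net/reset">'
                'https://example.com/login</a>')
SAMPLE_CLEAN = ('<p>Your monthly statement is ready.</p>'
                '<a href="https://example.com/statements">View statement</a>')

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, assess(body))
```

Neither class is sufficient alone: the list lookup misses hosts that are not yet listed, and the content checks miss messages that avoid the listed wording, which is why the findings are reported together.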

CONCLUSIONS AND RECOMMENDATIONS

The analysis of information within the report on the problem of phishing and its impact on American businesses led to the following conclusions and recommendations:

  1. Phishing attacks are the most common form of social engineering and have become the biggest concern for most internet users because of their susceptibility to losing their sensitive personal information. In phishing, most executors of the attacks rely on various techniques to redirect their users to websites that can easily be manipulated using embedded links. Also, attackers could use other mediums to undertake the attacks, such as Voice over IP, short messages, and instant notifications.
  2. Phishing is considered a real-life problem because it affects individuals and organizations directly, making them more vulnerable, exposing their employees and attacking all their existing malware protection measures. Phishing bypasses all existing measures making it possible for cybercriminals to gain access to personal and confidential information globally.
  3. When an organization experiences a phishing attack, monetary costs and loss are the first impacts and unfortunate effects. The direct monetary losses recorded because of phishing are proportionate to the attack’s impact on customers’ information.
  4. Phishing attacks often result in intellectual property losses because of a successful phishing campaign. During a phishing attack, trade secrets, formulas and new developments are all compromised.
  5. Phishing attacks of any kind cause business disruptions. It is not easy for an organization to keep running after it has experienced any form of phishing attack, more so when it involves a malicious bug.
  6. Phishing attacks result in reputation damage. Most organizations are usually reluctant to state that they have experienced a phishing attack because of the level of damage it has on their reputation.
  7. Some of the common characteristics of phishing include a sense of urgency, requests for interaction away from the recipient’s mail, and emails that are often considered or classified as important.
  8. Human education plays a critical role in preventing future phishing attacks. Through education, humans are trained and enlightened on existing or emerging forms of phishing attacks within the business environment.

The findings help gain insight into phishing, how phishing attacks are initiated and how best to counter a phishing attack. Adopting countermeasures is critical in dealing with any existing or emerging phishing attack.

Works Cited

Al-Fayoumi, Mustafa, Jaber Alwidian, and Mohammad Abusaif. “Intelligent association classification technique for phishing website detection.” International Arab Journal of Information Technology 17.4 (2021): 488-496.

Esmat, Hanin Younis, Alaa Faisal Alharbi, and Abdelrahman Karrar. “The Impact of Phishing on the Business Sector in KSA: Analytical Study.” International Journal 10.2 (2021).

Kolley, Saikou. Phishing attacks: Detection and prevention. Diss. University of Bradford, 2021.

Kumar, Abhishek, Jyotir Moy Chatterjee, and Vicente García Díaz. “A novel hybrid approach of svm combined with nlp and probabilistic neural network for email phishing.” International Journal of Electrical and Computer Engineering 10.1 (2020): 486.

Miranda, Michael JA. “Enhancing cybersecurity awareness training: A comprehensive phishing exercise approach.” International Management Review 14.2 (2018): 5-10.

Okpa, John Thompson, Benjamin Okorie Ajah, and Joseph Egidi Igbe. “Rising Trend of Phishing Attacks on Corporate organizations in Cross River State, Nigeria.” International Journal of Cyber Criminology 14.2 (2020): 460-478.

Rendall, Kieran, Antonia Nisioti, and Alexios Mylonas. “Towards a multi-layered phishing detection.” Sensors 20.16 (2020): 4540.

Thomas, Jason. “Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks.” International Journal of Business Management 12.3 (2018): 1-23.

LIST OF FIGURES

Figure 1: The process of phishing.

Figure 2: A real-life example of phishing.

Figure 3: Common techniques used for phishing attacks.