Exploring Historical and Emerging Phishing Techniques and Mitigating the Associated Security Risks
نویسندگان
چکیده
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risks.
منابع مشابه
GAO-05-231 Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems
To view the full product, including the scope and methodology, click on the link above. Spam, phishing, and spyware pose security risks to federal information systems. Spam consumes significant resources and is used as a delivery mechanism for other types of cyberattacks; phishing can lead to identity theft, loss of sensitive information, and reduced trust and use of electronic government servi...
متن کاملMitigating Information Security Risks by Increasing User Security Awareness: A Case Study of an Information Security Awareness System
Organizations that lack security awareness can miss detecting many obvious security risks such as Trojans, phishing, viruses, and intellectual property theft in their daily activities. This lack of awareness can render sophisticated Internet security technologies useless and expose the organization to enormous risks. This paper adopts the systems development research methodology to investigate ...
متن کاملOn the Effectiveness of Techniques to Detect Phishing Sites
Abstract. Phishing is an electronic online identity theft in which the attackers use a combination of social engineering and web site spoofing techniques to trick a user into revealing confidential information. This information is typically used to make an illegal economic profit (e.g., by online banking transactions, purchase of goods using stolen credentials, etc.). Although simple, phishing ...
متن کاملPhish Phinder: A Game Design Approach to Enhance User Confidence in Mitigating Phishing Attacks
Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have ...
متن کاملComputer security threats faced by small businesses in Australia
In this paper, an overview is provided of computer security threats faced by small businesses. Having identified the threats, the implications for small business owners are described, along with countermeasures that can be adopted to prevent incidents from occurring. The results of the Australian Business Assessment of Computer User Security (ABACUS) survey, commissioned by the Australian Insti...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1512.00082 شماره
صفحات -
تاریخ انتشار 2013