Introduction
Phishing refers to the fraudulent attempt by hackers to obtain sensitive information such as credit card details, passwords, and usernames by disguising themselves as trustworthy individuals in electronic communication (Thomas, 2018, p.6). The various incentives that drive phishing attacks include political power, corporate espionage, and financial benefits (Akbar, 2014, p.40).
Statistics show that the worldwide impact of phishing is approximately US$5.3 billion over the past three years, with more than forty thousand victims. The United States alone has suffered losses of more than $1.5 billion (Ragan, 2018, p.1). Digital thieves can gain access to customer data and confidential information today using increasingly creative hacking schemes. Many people do not have the appropriate security software and protocols in place, which leaves them vulnerable to unauthorized users (UCSC, 2018). This study analyzes the reasons why some hackers are always successful when carrying out phishing attacks. The study has determined that the hackers use strategies such as social engineering tactics in a bid to gain their victims' trust. They also create a sense of urgency and panic in their victims to ensure that they provide the information the hackers need as soon as possible.
One way in which criminals gain people's personal information is by carrying out email phishing. Hackers carry out email phishing in a bid to steal people's bank account details and their passwords. Email attacks have become a scam that is worth billions of dollars as the hackers take advantage of human nature and lax policies (Ragan, 2018, p.1). These attacks target an individual's routine and are a variation on social engineering (Purkait, 2015, p.340). Since social engineering is not detected or defeated easily, the criminals usually ask for information that is not unusual to their targets or outside their comfort zone, which makes the attacks mostly successful (Ryan, 2018, p.1). Social engineering tactics used by these criminals include interpersonal skills and aggressive persuasion to obtain access to the victims' systems. The main reason why criminals use social engineering tactics is that exploiting an individual's natural inclination to trust is much easier than hacking people's systems through software. Once they have collected this data, the phishers use it to commit credit card fraud or access the financial accounts of the victim.
Hackers can phish using this technique because they send an email that appears to have come from a person who is well known to the individual or an organization such as the person's bank or place of work. To ensure that the individual will open the email immediately without asking for extra information from the source first, the hacker usually creates panic or a sense of urgency to trick the users into providing their personal information (Johar, 2018, p.1).
For instance, an individual may be asked to confirm their ATM number for account re-activation since their account has been deactivated. The victim may think that the email comes from a legitimate source when a malicious hacker has in fact sent it in a bid to steal confidential information (Sebastian, 2018, p.1). In email phishing, the email sent to the victim may contain a link which the target is expected to click and which may, in turn, take them to a fake bank website that seems legitimate. Hackers also carry out baiting activities to gain unauthorized access to people's information. For instance, they may say that they will offer specific gifts to people who will provide information such as their bank accounts.
Hackers also use malware to gain people's confidential information. Malware refers to malicious software that is usually written with the aim of stealing information from a system by compromising it. The programs perform various functions such as tracking the person's activities secretly, modifying the core functions of the system, or deleting or stealing sensitive data (Johar, 2018, p.1). People may face this problem if they have operating systems which are either not updated or pirated. Additionally, they may face this challenge if they click on links that they do not know or download malicious programs (Thomas, 2018, p.7).
There are a variety of malware types that hackers use to obtain their victims' data. First, they use keyloggers. This form of spyware usually records the keys that one types as well as where one types them. The attacker can then analyze this information to determine the victim's chats, passwords, credit card numbers, among other private data (UCSC, 2018).
Second, hackers use spyware to spy on their victims (UCSC, 2018). This form of malware tracks all the activities that the victim carries out online, and it can record video of the person using their webcam, record their keystrokes, or even listen to what they say using their microphone (Johar, 2018). Third, they use Trojans, which create backdoors in the victim's security system, thus enabling hackers to monitor what they do remotely (UCSC, 2018). Hackers can continually use this method even with people who have good security systems, since the malware is sometimes included in software that is legitimate or it may disguise itself as legitimate software (Johar, 2018, p.1).
Finally, hackers use viruses that can infect software to gain people's data. The virus may even modify or disable the core functionality of a system (UCSC, 2018). To do so, the virus usually replicates itself into programs or various data files, which in turn makes the system inaccessible (Johar, 2018, p.1). Hackers are always able to gain people's personal information because they usually employ the various mechanisms until one of them works. They are then able to get the information since the various malware may take a long time to be detected.
Another way in which hackers get people's personal information is through the use of malicious mobile applications. They are always successful when using this method since they usually place their apps either on the Apple store or Google Play store (Johar, 2018, p.1). This is because the majority of people believe that all the apps that are available on these stores are legitimate and safe, which is not true. Some of the apps on these stores have code that is malicious and thus puts the targeted people's privacy at risk (Ward, 2018, p.1). Apart from containing malicious code that may install malware on the victims' devices, the apps may also ask for permissions that are not necessary, which the hackers may use to extract the individuals' media, messages, or contacts.
Criminals may also carry out quid pro quo where they promise a reward to people in exchange for information (Spinapolice, 2011, p.5). For example, the hackers may inform their victims that there is something wrong with their systems and ask to be provided with the person's username and password. They may even ask the individual to disable their anti-virus, then download a particular 'fix' from a specific website which may be malware. Consequently, the victims will have given the hackers control of their devices.
Another phishing strategy that many hackers use to gain people's personal information is spear phishing. Normal phishing attacks usually target as many individuals as possible. They are hence normally written vaguely and can be easily spotted. Conversely, spear phishing techniques are normally much more sophisticated, targeted, and convincing (Williams, Hinds & Joinson, 2016, p.1). The cybercriminals target a particular small group of people and then carry out research and phishing based on the person's activities online or their profile (Nussbaum, 2018, p.10). The phisher may also get the victim's personal information or that of their colleagues, family, and friends and use it as leverage when writing an email. Because spear phishing is customized, it is more likely to succeed than traditional phishing activities.
Hackers mainly target individuals and employees during their phishing attacks. Individuals are easy to compromise since many are not educated or tech-savvy enough to identify emails that are written with the intention of phishing (Airehrour, Nair & Madanian, 2018, p.1). This element thus makes hackers successful in gaining their personal information. Hackers also target employees, using their job responsibilities, the names of their co-workers, and other company details to lure them into their phishing activities. In some cases, executives are an even better target because their information is widely available to the public on the company's website or various social media platforms (Williams, Hinds & Joinson, 2016, p.1). Hackers then use the information they gain to get companies' confidential documents, trade secrets, and other financial information.
Therefore, some cybercriminals are always successful in gaining access to people's personal information by following four critical steps. First, they identify their target where they may create a master email list and choose their victims based on the information they intend to acquire (Ungerleider, 2018, p.1). They may target employees at low levels by impersonating their superiors, or they may also target executives who have higher access levels.
Second, they will gather intelligence with their targets in mind (Shabani, 2016, p.10). They may use social media, company details, or even the dark web to gain enough data to build a believable email (Lazarescu, 2018, p.1). If they want to obtain highly valuable information, they will carry out in-depth research and make significant use of interpersonal skills to gain it.
Third, they will craft a message using the information gathered in the second step. The scammers may use official sounding statements and the logos of popular websites (Giannotti, 2018, p.1). They will then ask the victims for their usernames and passwords in a manner that depicts urgency, which compels the individuals to immediately provide that information (Elbo Computing Resources, 2018, p.1). Finally, they deploy the emails by tricking email filters into treating the message as coming from a legitimate source (Goldberg, 2018, p.1). For instance, they may carry out display name spoofing or even use particular company names that the victim will recognize.
A report from PhishMe states that people are usually duped by phishing emails for various reasons. 13.7% get duped due to curiosity, 13.4% get duped due to fear, and 13.2% are duped because of the sense of urgency provided in the emails (Dark Reading, 2018, p.1; Bisson, 2018, p.1). Some of the scammers frequently inform their victims of added risks or punishment, or threaten loss, to make them provide their personal information. If people think that they are in trouble, they are highly likely to respond according to the requirements of the emails. Hackers are also aware that the allure of gifts and money is difficult to resist and hence use these strategies to gain people's data.
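The display name spoofing and the urgency wording described above leave traces that a receiving mail system can check for. The following is an added example, not part of the original essay: the trusted-sender list, the domains, the pressure keywords, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list (hypothetical): names users recognise, mapped to the only
# domains permitted to send under that name. Matching is exact, no subdomains.
TRUSTED_SENDERS = {
    "example bank": {"examplebank.test"},
    "it helpdesk": {"corp.test"},
}

# Pressure wording of the kind the essay describes: urgency, fear, rewards.
PRESSURE_RE = re.compile(
    r"\b(urgent|immediately|deactivated|suspended|verify your|confirm your|"
    r"within 24 hours|gift|reward)\b", re.IGNORECASE)

def assess(raw_message: str) -> list[str]:
    """Return the phishing indicators found in one single-part message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    # Display-name spoofing: a recognised name shown over an unrelated domain.
    for name, domains in TRUSTED_SENDERS.items():
        if name in display.lower() and domain not in domains:
            findings.append(f"display-name-spoof:{name}->{domain}")
    # Replies silently diverted to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append("reply-to-mismatch")
    body = "" if msg.is_multipart() else msg.get_payload()
    cues = {m.lower() for m in PRESSURE_RE.findall(f"{msg.get('Subject', '')}\n{body}")}
    if cues:
        findings.append("pressure:" + ",".join(sorted(cues)))
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Example Bank Security" <alerts@examp1e-bank-login.test>\n'
    "Reply-To: recovery@mailbox.test\n"
    "Subject: Urgent: account deactivated\n\n"
    "Your account has been deactivated. Confirm your ATM number immediately.\n")
LEGIT = (
    'From: "Example Bank" <statements@examplebank.test>\n'
    "Subject: Your monthly statement\n\n"
    "Your statement for this month is available in online banking.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, assess(raw))
```

A message that trips the display-name check together with pressure wording is a stronger signal than either indicator alone, which matches the essay's point that trust and urgency are used in combination.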
Conclusion
In conclusion, it is evident that hackers use various methods to gain personal information from their victims. The most effective means are those that involve gaining their victims' trust, since having the victims hand over the information is much easier than hacking the software to obtain this data. They also create a sense of fear, urgency, and curiosity to make the victims respond to their messages and consequently provide their personal information.
References
Airehrour, D., Nair, N., & Madanian, S. (2018). Social Engineering Attacks and Countermeasures in the New Zealand Banking System: Advancing a User-Reflective Mitigation Model. MDPI, 9(5). doi: 10....
Cite this page
Why Some Hackers Are Successful in Phishing - Paper Example. (2022, Oct 04). Retrieved from https://midtermguru.com/essays/why-some-hackers-are-successful-in-phishing-paper-example