Phishing

“Safety on Social Networking – Phishing” ** Introduction  ** The evolution of social media has not only made it easier to connect with old friends and family members, they have also made it easier for criminals to gain access to their lives. By willingly placing large amounts of confidential information on sites such as ‘Facebook’ and ‘My Space’, users typically involving tweens ranging from age 12 onwards leave themselves susceptible to fraud. Alternatively, personal information collected can be sold on the internet.

** Research Methods ** The research - as it pertains to ‘phishing’ required the use of statistical data taken from Statistics Canada in addition to stakeholders who make it their primary occupation to fight internet scams and fraud. These organizations or private companies know and understand the dynamic trends witnessed in web 2.0. Semantic Corporation has established a comprehensive source of internet threat data by providing a ‘Symantec Global Internet Security Threat Report’. With a combination of 240,000 sensors in over 200 countries and territories, they’ve been able to monitor attack activities with the help of third party data sources (Symantec Global Internet Security threat Report, 2009). These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The Microsoft Safety & Security Center also provides a thorough breakdown of computer security, digital privacy, and online safety ( [|www.microsoft.com/security/online-privacy/social-networking.aspx]  ). Furthermore, anti-phishing websites sponsored by unbiased organization such as the Anti-Phishing group of Indiana University as well as leading computer science experts. Dr. Markus Jakobsson, remains as the top contributor to the understanding of phishing and crime ware and has focussed his efforts on human aspects of security and mobile security ( [|www.markus-jakobsson.com]  ).  ** Discussion  ** According to Symantec’s ‘internet Security Threat Report’, Social-networking websites have become a target for online fraud (Symantec Corp, 2009). Social networks have become a favourite method of attack for ‘phishers’ as they seek for new and easier means to reach unsuspecting victims. Phishers take hold of the social networker’s credentials by way of an email originated attack. The emails within the social network direct victims to an external site that ‘phish’ for information and consequently mimic the social network’s login process. The profiles can then be used to email friends within the social network. The innovation stems from the fact that the exploitation is social instead of the technical aspect. The way to look at phishing attacks is that it’s a direct attack on one’s emotions than on one’s technological defenses (Jakobsson, 2007). Known as social engineering, phishers exploit the trust users have with one another to manipulate potential victims into sharing personal information rather than using previous methods of ‘cracking’. Ultimately, the purpose of phishing is to entice the recipients of emails to divulge personal information that they would typically not reveal, as they unsuspectingly fall into the sender’s trap. It is through methods of trickery and or deception for purposes of gathering information to commit fraud and consequently gain computer system access which can be used for monetary gain. While ‘phishing’ itself is not new, the use of ‘social engineering’ allows for the psychological manipulation of victims. Criminals can steal Facebook login passwords, steal the user’s identity, and consequently change the content of the page to make unsuspecting ‘friends’ think ‘they’ were in trouble. The pretext is later ensued by sending mass e-mails to friends of victims asking them for help. Hence, the repercussion of the crimes spread through the rungs of the social network. As a precursor to using any social media tool, one should assume all information could be made public and should take necessary precautions to keep private or personal information from being shared publicly. Furthermore, it should be stressed that it’s small pieces of information we often share or don’t think about that can be pieced together to create a full profile of an individual. Users should be aware of what they divulge online and how they divulge it. Based on statistics Canada Report, internet users aged 16 and over are concerned about internet privacy (Stats Canada). Furthermore, a general social survey indicated that problems associated with security on the Internet – namely personal information made public and hacking comprise of 45% of issues which is closely tied to phishing and related activities.

** Conclusion ** Our research points to the need for extensive educational campaigns concerning phishing and other online security threats. This can be achieved by using social networks as a tool to educate users of Web 2.0. Consequently, social networks may prove to be an effective means to decimate illegal activities over the web and more specifically safety…………….

Indiana School of Informatics. Stop Phishing.com (2006). Retrieved from http://www.indiana.edu/~phishing/.
 * Bibliography **

Jakobsson, M., Myers, S. (2007). Phishing and Countermeasures: Understanding the Increasing Problem Of Electronic Identity Theft. Hoboken, NJ: Wiley.

Mark Monitor Inc. (2010). Data Sheet: Anti-Fraud Solutions. Retrieved from http://www.markmonitor.com/download/ds/ds-Anti-Fraud.pdf

Osborne, Darren (2008, Apr 9). Phishers Attack Social Networking Generation. Silicon.com. Retrieved From http://www.silicon.com/technology/security/2008/04/09/phishers-attack-social- Networking-generation-39185353/.

Statistics Canada. Canadian Internet Use Survey. (2010, May 10). (Table 358-0128). Retrieved from http://www40.statcan.gc.ca/l01/cst01/comm31a- eng.htm

Symantec Corporation (2010). // Symantec Internet Security Threat Report – Trends for 2009 //. Retrieved From http://eval.symantec.com/mktginfo/enterprise/white_papers/b- whitepaper_exec_summary_internet_security_threat_report_xv_04-2010.en-us.pdf.