Ethics in Phishing
by
Goddie Robins
Ethical Theories & Codes
Phishing initially involved posing as
administrators and emailing internet users requiring them to enter login
credentials. Internet users were sent instant messages asking them to confirm
billing information or verify their accounts. These messages required them to
enter their login credentials which were later used for malicious purposes.
Phishing victims were sent messages where they were asked to click on links to
verify illegitimate purchases. People were more susceptible to personalized
emails since they involved senders they were already familiar with.
With personalized emails, attackers could
target large corporations and gain large sums of money. People were becoming
familiar with general emails and were more aware of such attacks. Links make
it easier and faster to access information from external webpages. Links
direct users to external sites where they can get more detailed information.
Links enable users to navigate multiple sites to explore similar and related
information. Phishing sites increased by 350% during the holidays in 2020,
targeting networks and devices (Gradoń, 2020). Phishing sites
increase during the holidays, posing as company surveys, shopping invoices,
donations and discount deals. In the 2020 holiday season, the FBI received
about 17,000 complaints over undelivered goods, leading to losses of over
$53 million. Most of these complaints were due to phishing sites.
Short codes and HTTPS URLs provide an easy,
immediate and convenient way for users to access links and interact with
various services. This encourages users to use them without paying much
attention to their risks. Attackers use HTTPS URLs that appear legitimate to
encourage users to click on links to malware that steals sensitive
information. Many users receive HTTPS URLs from their colleagues and
accept them without verifying their authenticity. This makes it easy for
attackers to target such users to steal sensitive information.
Add-ons are unreliable since they can be
ineffective against modern phishing techniques. Users can download malicious
third-party add-ons that collect sensitive data of their victims leading to
blackmail. Add-ons collect a lot of data about their users. These add-ons can
be targeted by attackers to steal sensitive information about their users. Security
awareness training addresses the cybersecurity mistakes that employees make to
prevent data breaches. Security awareness training prevents loss of
intellectual property, money and sensitive information by educating employees
to avoid security breaches. Security awareness training informs employees
about how add-ons can be used to detect and avoid phishing attacks.
Working within the company premises leads to
the development of standards of behavior and interaction that helps create
social cohesion, cooperation and shared trust. On the other hand, when working
remotely, employees do not interact with one another and often fail to consult
before taking action. Employees working remotely lack the guidance and support
of their supervisors. These employees are often reluctant to consult their
supervisors and end up taking action without consultation. Remote employees can
receive newsletters, instructions and invoices that appear to be from their
organizations. These employees can hurriedly take action as they rush to meet
their deadlines.
Cybersecurity awareness programs inform
employees about phishing techniques and how they can be used to access
sensitive information. These remote employees are aware of the phishing
threats and are unlikely to open emails and click on links without verifying
them. Remote employees are aware of phishing techniques and they always
consult with their colleagues and superiors before taking action. Remote
employees often communicate with their colleagues and superiors and are
unlikely to act irrationally.
Ethical Analysis
Phishing is a social engineering technique
where an attacker poses as a trusted entity and dupes victims into clicking
malicious emails, text messages or links which leads to the installation of
malware and exposure of sensitive information. Phishing attacks are unethical
since they involve duping victims into revealing their personal data and
passwords. Phishing attacks are also illegal because they aim to steal
sensitive and personal information to commit identity theft, leading to
financial and data loss.
Attackers pose as legitimate businesses
or friends to trick people into clicking malicious emails and links that
lead to malicious websites. Attackers can also pose as businesses and send
offers such as vouchers and discounts to their victims, who are
required to click on links to claim these offers. Google and Facebook were
duped out of $100 million by a phisher who impersonated Quanta company and sent fake
invoices to the two companies, which they both paid in full. This is a classic
example of a phishing attack.
Attackers are always looking for new ways to
dupe their victims. This means phishing techniques are always changing and it
would require a company to regularly train its workers. Regular training
becomes expensive in the long term. The effectiveness of security
awareness training varies and it cannot always guarantee protection from
phishing attacks. The training must cover different phishing trends and
techniques which cannot all be covered effectively within the short period
allocated. Some employees may fail to take security training seriously or
make an effort to understand phishing because they may consider it to be the
responsibility of the organization or IT department. These employees often
fail to take their time to analyze and evaluate whether a link or email is
authentic.
Phishing is a social engineering technique
that aims to steal user data such as credit card numbers and login
credentials. It relies on malicious emails,
links and websites to persuade users into revealing personal and sensitive
information. Phishing is an unethical act that creates a sense of fear,
urgency or curiosity to encourage victims to open attachments or click on
links to steal sensitive information. 74% of US organizations across all
industries experienced successful phishing attacks in 2020 (Egharevba, n.d.), leading to
significant losses. The average cost of successful phishing attacks among
large organizations in the US is about $15 million annually. This value has
tripled in the past three years across multiple industries. American
Airlines, Magellan Health Inc. and Buffalo Public Schools also experienced
phishing attacks leading to heavy losses.
Most security software has vulnerabilities,
and it is thus important to train employees on identifying and avoiding cyberattacks.
Companies should train employees on how to use anti-phishing,
anti-spam and anti-malware tools effectively to detect and avoid cyberattacks.
Employees can also open emails through their phones which renders
organizational security software ineffective.
Phishing is a social engineering attack
that uses a fake email that encourages users to click on links and enter
personal information. This leads to revealing personal information that can be
used for malicious purposes. Phishing is a cyberattack technique where
tech-savvy criminals use fake emails and websites that appear legitimate to
trick users into downloading malware or releasing sensitive information.
Phishing is an attack where users receive fake emails requiring them to enter
sensitive information such as login credentials and social security numbers.
Phishing attackers use emails that appear
legitimate and contain links directing employees to malicious websites where
they will be required to provide personal information such as login information
and passwords. Phishing scams involve using fake emails that trick employees
into revealing sensitive information such as employee IDs and login
credentials. Data acquired through email phishing scams can be used to make
purchases, steal sensitive information, withdraw funds and blackmail. Web
users can download web extensions from untrusted sources that fail to warn
them when they attempt to perform dangerous actions such as visiting malicious
websites. Malicious web extensions have permission to fully access user data
and run on all websites, including the harmful ones. Ineffective web
extensions can mistakenly direct users to malicious websites containing
malware and viruses.
Phishing is an ethical problem since it involves duping victims into
revealing personal and sensitive information. Phishing attackers use websites
that appear legitimate and exploit a user’s ignorance of cybersecurity. Unfortunately,
human error plays a critical role in phishing attacks, accounting for over 60%
of all successful attacks (Bhardwaj et al., 2020). This could involve an
employee failing to perform an action
that eventually leads to an organization being exposed to a cyber-threat.
Human error can also involve physical security errors, patching, weak passwords
and misdelivery. Therefore, phishing
doesn’t meet the ethical expectations of society since it preys on the human
error and ignorance of end users.
REFERENCES
Bhardwaj, A., Sapra, V., Kumar, A., Kumar, N., & Arthi, S. (2020). Why is phishing still successful? Computer Fraud & Security, 2020(9), 15-19. https://www.magonlinelibrary.com/doi/abs/10.1016/S1361-3723%2820%2930098-1
Egharevba, T. (n.d.). Phishing Attack-A Challenge in Cybersecurity. https://www.researchgate.net/profile/Terry-Egharevba-2/publication/357826193_Phishing_Attack-A_Challenge_in_Cybersecurity/links/61e1333470db8b034c91ad93/Phishing-Attack-A-Challenge-in-Cybersecurity.pdf
Gradoń, K. (2020). Crime in the time of the plague: Fake news pandemic and the challenges to law-enforcement and intelligence community. Society Register, 4(2), 133-148.