Phishing

Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities. Since most developers are not experienced software security practitioners, a solution for correctly fixing SQL injection vulnerabilities that does not require security expertise is desirable. In this paper, we propose an automated method for removing SQL injection vulnerabilities from Java code by converting plain text SQL statements into prepared statements. Prepared statements restrict the way that input can affect the ...

Phishing e-mails deceive individuals into giving out personal information which may then be utilized for identity theft. One particular type, the Personal Solicitation E-mail (PSE) mimics personal letters—modern perversions of ars dictaminis (the classical art of letter writing). In this article, I determine and discuss 19 appeals common to the PSE. These appeals were established first by conducting generative rhetorical analysis, then by volunteer coding, on 170 e-mails collected over a 12-month period. After defining these categories, I show how these letters are excellent twenty-first century teaching tools for pathos-based argumentation, logical appeals, the creation of ethos, and kairos in the development of perceived exigency.

Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risks.

COVID-19 is a fatal disease caused by coronavirus. ‘CO’ signifies corona, ‘VI’ signifies virus, ‘D’ signifies disease. The COVID-19 virus is a new virus that belongs to the family of viruses as Severe Acute Respiratory Syndrome. In this paper, we are focusing on COVID-19 effects in the cyber world (CyberSpace). As COVID-19 is a global pandemic and everyone says that COVID-19 is the worst pandemics in all over the world in this century. As the contagious nature of the virus, there is so much anxiety over its spread. COVID-19 has forced companies and individuals to practice social distancing and remote working. As some country try to build the vaccine of the COVID19 and other country waits for a possible cure to stop the spread of COVID-19, due to this pandemic situation every online information that varieties of direct or indirect reference to “coronavirus” attract the attention of users who search in information about the coronavirus. As a result, Malicious user or attackers are actively exploiting it for their gain. Cybercriminals have also started to exploit fears about the COVID-19 outbreak to conduct email scams, phishing, and ransomware attacks. Cybercriminals are designing a website on COVID-19 and injecting malware into the website. These are exactly the times where hackers get creative with their malicious intent of hacking into devices and stealing data. They are stealing sensitive information of users, such as user names, passwords, and credit card details. So, in this paper we try to explore the coronavirus effects on to the cyberspace and its impact on to the internet user. The paper makes the suggestions or recommendations to internet user for safer usages of internet and protect their data and privacy in the rising of online scams of coronavirus.

Tras años de trabajo, estudio e investigación, “Hackeados” llega al público.

Un libro que, a diferencia del resto de los escritos por abogados, no está dirigido a otros abogados, sino al resto de los ciudadanos.

En un lenguaje accesible, desprovisto de tecnicismos y con tintes humorísticos, expone cuáles son algunos de los peligros a los que nos enfrentamos día a día en el universo 2.0.

Incluye un capítulo específico con decenas de consejos y recomendaciones esenciales de ciberseguridad para prevenir ser víctimas de un delito en nuestro hogar.

Luego de advertir y concientizar, el último fragmento del libro incorpora una guía que responde a las preguntas “¿qué, cómo y dónde denunciar?”, cuáles son los tipos penales previstos por la legislación argentina actual, un anexo con ejemplos de casos reales y habituales de intentos de estafas virtuales y un tutorial paso a paso para protegernos de hackers en nuestras redes sociales.

Más que un libro, Hacheados es una guía de concientización y prevención del ciberdelito.

The Coronavirus (COVID-19) crisis is having a massive impact globally with a rapid spread across the globe. Which made the World Health Organization declare it a pandemic. COVID-19 has prompted countries to adopt new behaviors such as social distancing, remote work and the closure of some important businesses and sectors. At the same time, the White Berets are doing their best to absorb the epidemic. However, while white hats protect people, black hats are taking advantage of the situation, leading to the spread of a cybersecurity pandemic.
Organizations have had to adapt to the demand for remote work quickly and at scale. Many have been forced to renovate their physical offices and policies set up in a panic to enable employees to work from home without the necessary training or well-made arrangements. Most of these companies and organizations have no plans on the ground to facilitate this radical and sudden change within a short period.
In fact, only 38% of companies have a cybersecurity policy. By moving to an online environment, organizations and companies around the world have implemented a "work from home" (WFH) business model that increases attack vectors and risks to internal data.
It is noteworthy that WFH has become the new normal for people all over the world. In most scenarios, this refers to requiring employees to use their personal devices and home networks, which are often inherently insecure and lack the required security standards. [1]
The pandemic has created a formidable challenge for companies around the world. The IT they have long relied on—data centers, clouds, departmental servers, and the digital devices their remote employees use to stay connected to each other and to company data—is becoming more important. Overnight, the demands placed on digital infrastructure skyrocketed. [3]
The paper presents cybersecurity attacks during the time of the COVID-19 pandemic, and a lot of information has been collected from the World Health Organization (WHO), trusted organizations, news sources, official government reports and available research articles. The paper then categorizes cybersecurity attacks and threats in the COVID-19 period and provides recommendations and countermeasures for each type. This paper discusses cybersecurity attacks and their countermeasures and reports on ongoing cybersecurity attacks and threats in this time period. Moreover, it is also a step towards analyzing the efficiency of the state's infrastructure as well as the social behavior of hackers and criminals at the time of the pandemic. [2]

The researcher investigated the extent of involvement in Cybercrime activities among students’ in tertiary institutions in Enugu state of Nigeria using cross sectional survey design. Questionnaires were used for data collection. A sample of 175 students was drawn from a population of 18,340 final year students in higher institutions in Enugu State using cluster sampling procedure. The instrument contains 12 items with 4 point scale of Most-times, Sometimes, Seldom and Never. The findings showed that students of higher institutions in Enugu state are involved in cybercrime. It also showed that students’ involvement in cybercrime is dependent on gender and Institution type. The implication of the finding for knowledge and development is that the present level of students’ involvement in cybercrime has a negative effect on the value of education and by extension, has lead to the setback in economic development of the State. It was recommended that government should empower the law enfo...

Phishing is a crime that involves the theft of personal information from users. Individuals, corporations, cloud storage, and government websites are all targets for the phishing websites. Anti-phishing technologies based on hardware are commonly utilised, while software-based options are preferred due to cost and operational considerations. Current phishing detection systems have no solution for problems like zero-day phishing assaults. To address these issues, a three-phase attack detection system called the Phishing Attack Detector based on Web Crawler was suggested, which uses a recurrent neural network to precisely detect phishing incidents. Based on the classification of phishing and non-phishing pages, it covers the input features Web traffic, web content, and Uniform Resource Locator (URL).

The low cost of communication and internet technology empower the common man to access various services online. But, these services are under watch of attackers who are trying to trick the online user by misleading or fake URLs. The URL communication may lead to phishing attack. Therefore accurate identification of malicious or phishing URL is one of the critical issues. In this paper, a ML (machine learning) model is proposed to recognize the phishing URL. The proposed model formulates the URL classification problem as unary classification problem. Thus two association rule mining algorithms are utilized to mine the association rules namely Apriori and FPTree. The model responsibly identifies the phishing URLs. The experiments on phish Tank database were carried out. Additionally, the mix set of URLs (Phish tank and legitimate) were also used with the association rule based classification model to validate the performance. The obtained results in terms of accuracy confirm the goodness of the proposed ML based phishing URL classification model. According to the results we found the Apriori based rules are accurate as compared to FP-Tree based URL classification. On the other hand the FP-Tree is efficient in terms of time and memory resource utilization.

Ingeniería Social implica valerse de cualquier medio para obtener información acerca de una o varias personas, para obtener beneficio o causar daño. No se asocia sólo a las acciones ejecutadas en línea, y se aprovecha de la credulidad de las personas. Se presentan sus Principios y algunas Formas conocidas. La metodología empleada en el trabajo fue de investigación documental, complementada por la propia experiencia del autor en el área de estudio. Los resultados más relevantes se refieren a las distintas formas de aplicar Ingeniería Social que existen y las principales medidas para contrarrestar sus ataques. La conclusión a la que se puede alcanzar, es que la principal defensa contra la Ingeniería Social es educar y entrenar a los usuarios en aplicar políticas de seguridad y asegurarse de que sean seguidas.

In the present era of technology, cybercriminals are getting smarter day by day. From the past few years, the cybercrimes have increased to an extent that most of the big companies are finding it difficult to prevent cybercrimes. One such cyber-attack is phishing where the victims are lured in entering their sensitive information like usernames, passwords, bank details, etc. It's very easy for an attacker to get sensitive information through phishing. The attacker should know some information about the victim's profile so that the victims can be easily tricked. A phished URL that the victims receive is very tough to differentiate as looks similar to the original URL. In this paper, we have made use of the information in the URL to determine if the URL is phished or not. So, it is not necessary for the user to enter the website and expose themselves to the malicious code. We have also discussed the metadata that is present in the URL. In this paper, we also make use of metadata to classify a URL. Random forest and logistic regression are the two algorithms used to classify the URL present in the dataset as phished or not phished. After using the classification algorithm on the given datasets, we found that the random forest algorithm has better accuracy in classifying if a URL is legit.

Whilst studying mobile users’ susceptibility to phishing attacks, we
found ourselves subject to regulations concerning the use of deception in
research. We argue that such regulations are misapplied in a way that hinders
the progress of security research. Our argument analyses the existing
framework and the ethical principles of conducting phishing research in light of
these regulations. Building on this analysis and reflecting on real world
experience; we present our view of good practice and suggest guidance on how
to prepare legally compliant proposals to concerned ethics committees.

In recent years, the Internet has become an integral element of people's everyday lifestyles all across the world. Online criminality, on the other hand, has risen in tandem with the growth of Internet activity. Cyber security has advanced greatly in recent years in order to keep up with the rapid changes that occur in cyberspace. Cyber security refers to the methods that a country or organization can use to safeguard its products and information in cyberspace. Two decades ago, the term "cyber security" was barely recognized by the general public. Cyber security isn't just a problem that affects individuals but it also applies to an organization or a government. Everything has recently been digitized, with cybernetics employing a variety of technologies such as cloud computing, smart phones, and Internet of Things techniques, among others. Cyber-attacks are raising concerns about privacy, security, and financial compensation. Cyber security is a set of technologies...

In recent years, the Internet has become an integral element of people's everyday lifestyles all across the world. Online criminality, on the other hand, has risen in tandem with the growth of Internet activity. Cyber security has advanced greatly in recent years in order to keep up with the rapid changes that occur in cyberspace. Cyber security refers to the methods that a country or organization can use to safeguard its products and information in cyberspace. Two decades ago, the term "cyber security" was barely recognized by the general public. Cyber security isn't just a problem that affects individuals but it also applies to an organization or a government. Everything has recently been digitized, with cybernetics employing a variety of technologies such as cloud computing, smart phones, and Internet of Things techniques, among others. Cyber-attacks are raising concerns about privacy, security, and financial compensation. Cyber security is a set of technologies, processes, and practices aimed at preventing attacks, damage, and illegal access to networks, computers, programmes, and data. The primary goal of this article is to conduct a thorough examination of cyber security kinds, why cyber security is important, cyber security framework, cyber security tools, and cyber security difficulties. Cyber security safeguards the data and integrity of computing assets that are part of or connected to an organization's network, with the goal of defending such assets from all threat actors throughout the life cycle of a cyber-attack.

Phishing is a scam that has evolved many years ago and it has been growing ever since. In this study we have collected much information regarding its new and improvised way of scamming the users without their knowledge and concern. Some case studies are also included based on real life events. According to the report received from Home Depot Company, the United States and Canada had encountered a loss of $62 million where only $27million was covered by the insurance company but the rest is yet to be recovered. Our main aim is to let the users be informed of all the malicious crime created by the attackers. We have also listed out some of the preventive measures that a user should follow in order to prevent such crimes. Knowingly or unknowingly theusers are trapped by using this kind of attacks and the hackers always succeed to outsmart them by using new and different scams. This paper is an attempt to bring an awareness on the phishing types, causes and various preventive measures that can change the way how people reason about the hackers and their perception towards them.

Fecha de Publicación: 4 de Octubre de 2017 1. INTRODUCCIÓN No es la primera vez que CESCO analiza el fenómeno del "phishing", contando con varios estudios sobre la materia 1. El presente trabajo es continuidad de ellos, pero podemos augurar que no será el último dada la preeminencia de esta modalidad de fraude en un contexto tecnológico cada vez más arraigado. Recordemos que el phishing es una forma de abuso informático que utiliza spam, mensajes de correo electrónico o sitios web falsos, suplantando en este caso la identidad de la fuente fiable, en la mayoría de los casos empleando una razón  Trabajo realizado en el marco de la

Personal computers and computer networks began to take over offices and increasingly the public in the 1980s, but the extensive adoption of the Internet did not come about until the introduction of the first browsers and the over- whelming acceptance of Microsoft Windows and Apple systems - equipped with advanced graphics - both in the mid-1990s. The world changed in

Cybersecurity is a global challenge as Cyberspace is never risk free. Cybersecurity ensures the attainment and maintenance of the security properties of the digital infrastructure and services against relevant security risks in the cyber environment. Currently web applications are highly functional and rely upon two-way flow of information between the server and browser. New technologies in Web applications have brought with them a new range of security vulnerabilities and new possibilities for exploitation. WebGIS is an effective way for disseminating geospatial data and geo-processing tools through internet. WebGIS is similar to the client/server architecture and the server-side geo-processing components will store, process and serve the data to the client/browser, during which Database server, Application server and a web server will be involved. The networking infrastructure in WebGIS environment plays a critical role in the security of the data centres. This paper presents the architecture of WebGIS environment, role of networking components, traits of Cybersecurity and portrays various defence mechanisms that aid in Cybersecurity in WebGIS environment.

Internet users use the web every day for Browsing, Email, Banking, Social Media, and Web File & Video downloads. This research paper aims to help world internet users how not to get victimized to EMOTET malware-A Banking Credentials Stealer. Emotet is a very advanced modular trojan malware that primarily targets financial systems and internet users to steal financial and personal information by sending phishing emails to the people in question and self-spreading. Emotet also drops and downloads other banking trojans such as Trickbot, Ursnif, and IceDiD to exploit systems further and encrypts the large chunk of victim sensitive data with Ryuk ransomware payloads to benefit cyber attackers. United States Computer Emergency Readiness Team (US-CERT) issued an alert already concerning malicious Emotet campaign attackers. US-CERT also concluded that Emotet malware is the most destructive and costly malware affecting federal, state, local, tribal, governments, private businesses, non-profit organizations, and individuals. A research conducted by top cybersecurity company CrowdStrike revealed that dealing with Emotet infections costs $1 million per incident to remediate. In general, Emotet spread through emails when a user opens phishing attachments and clicking on phishing links such as malicious URL links, fake PDFs, and macro-enabled Microsoft Word documents. Therefore, this paper aims to address a complete understanding of what Emotet malware is, how dangerous the operation of Emotet is, its countermeasures, and will present robust Security Situational Awareness (SSA) to all internet users about Emotet malware. This paper will use a survey questionnaire as a qualitative research methodology instrument to collect data and know-how internet users are familiar with Emotet Malware. The survey results are shocked to see how internet users lack situational awareness about Emotet. In conclusion, the paper provides precautions, mitigation actions, and recommendations to prevent user computers from Emotet infections with Security Situational Awareness (SSA).

Cyber security is a information technology. Securing information has become one of the biggest challenges nowadays. Whenever we think about cyber security the first thing we remember is 'Cyber Crime' which is been increasing day by day. The cyber security is still a very big concern to many. This paper mainly focuses on challenges faced by cyber security and its types. To the world of computer technology, governments, police and intelligence units are acting toward the issue closely. Different strategies are put into action. The main goal is to educate the people in the world and to expose the idea that it is not safe anymore to navigate in the cyber world without any of security. This paper discuss about techniques used in cyber security.

At present,  the  importance of data  is  increasing day by day.  But with  the  increasing importance, the threat of data breach is also getting  high.  Recently  in medical field,  the hospitals are heading towards digitalization,  but this optimizes the threat of data breach and can even lead to violation of privacy of an individual. There are various methods of data breaching but one of the common method is Phishing. The rate of phishing attacks is  generally high in various business firms,  but health sector is not an exception.  Phishing attacks are generally successful due to lack of awareness among people. Therefore, this report  comprises  of  various  types  of  phishing  attacks  as  well  as  various  phishing techniques.  Moreover,  this  report contains detailed analysis of case studies of phishing attacks in health sector  and  summarizes various mitigation  techniques that can be carried out in order to prevent phishing.

Purpose-The emergence of the novel coronavirus (COVID-19) has threatened physical and mental health, and changed the behaviour and decision-making processes of individuals, organisations, and institutions worldwide. As many services move online due to the pandemic, COVID-19-themed cyber fraud is also growing. This article explores cyber fraud victimization and cyber security threats during COVID-19 using psychological and traditional criminological theories. It also provides a COVID-19-themed cyber fraud typology using empirical evidence from institutional and agency reports. Through organizing COVID-19themed cyber fraud into four different categorizations, we aim to offer classification insights to researchers and industry professionals so that stakeholders can effectively manage emerging cyber fraud risks in our current pandemic. Design/methodology/approach-The approach the study take for this conceptual paper is typology.

Phishing remains a basic security issue in the cyberspace. In phishing, assailants steal sensitive information from victims by providing a fake site which looks like the visual clone of a legitimate site. Phishing shall be handled using various approaches. It is established that single filter methods would be insufficient to detect different categories of phishing attempts. This paper provides a multilayer model to detect phishing, titled as PhiDMA(Phishing Detection using Multi-filter Approach). The PhiDMA model incorporates five layers: Auto upgrade whitelist layer, URL features layer, Lexical signature layer, String matching layer and Accessibility Score comparison layer. A prototype implementation of the proposed PhiDMA model is built with an accessible interface so that persons with visual impairments shall access it without any barrier. The result from the experiment shows that the model is capable to detect phishing sites with an accuracy of 92.72%.