Abstract
In this review paper we discuss various types of cyber crime, with the main focus on phishing.
We study what phishing is; its impact on businesses, people and society; how phishing trends have changed over the years; the precautions to take against phishing attacks; and how to prevent them.
Introduction
Cyber crime is crime that is carried out online or through the internet. It can affect a person financially, emotionally and ethically. In this type of crime there is a hacker, who is the mastermind behind the crime, and a target who is attacked through cyber means. The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China.
In 1990, during a project dubbed Operation Sundevil, FBI agents confiscated 42 computers and over 20,000 floppy disks that were allegedly being used by criminals for illegal credit card use and telephone services. This two-year effort involved 150 agents.
Despite the low number of indictments, the operation was seen as a successful public relations effort by law enforcement officials. Garry M. Jenkins, the Assistant Director of the U.S. Secret Service, explained at a press conference that this activity sent a message to criminals that, “they were on the watch everywhere, even in those sleazy and secretive dens of cybernetic vice, the underground boards.”
In 1986 the systems administrator at the Lawrence Berkeley National Laboratory, Clifford Stoll, noted certain irregularities in accounting data. Inventing the first digital forensic techniques, he determined that an unauthorized user was hacking into his computer network. Stoll used what is called a “honey pot tactic,” which lures a hacker back into a network until enough data can be collected to track the intrusion to its source. Stoll’s effort paid off with the eventual arrest of Markus Hess and a number of others located in West Germany, who were stealing and selling military information, passwords and other data to the KGB.
The Berkeley lab intrusion was soon followed by the discovery of the Morris worm virus, created by Robert Morris, a Cornell University student. This worm damaged more than 6,000 computers and resulted in estimated damages of $98 million. More incidents began to follow in a continuous, steady stream. Congress responded by passing its first hacking-related legislation, the Federal Computer Fraud and Abuse Act, in 1986. The act made computer tampering a felony crime punishable by significant jail time and monetary fines.
History of Cyber Crime
At the beginning of the 1970s, criminals regularly committed crimes via telephone lines. The perpetrators, called phreakers, discovered that the telephone system in America functioned on the basis of certain tones. They imitated these tones to make free calls.
John Draper was a well-known Phreaker who worked on it daily; he toured America in his van and made use of public telephone systems to make free calls. Steve Jobs and Steve Wozniak were inspired by this man, and even joined him. Of course they all ended up on the right path: Steve Jobs and Wozniak founded Apple, the well-known computer company.
Phishing
Evolution of Phishing
In many ways, phishing hasn’t changed a lot since its AOL heyday. In 2001, however, phishers turned their attention to online payment systems. Although the first attack, which was on E-Gold in June 2001, was not considered to be successful, it planted an important seed. In late 2003, phishers registered dozens of domains that looked like legitimate sites like eBay and PayPal if you weren’t paying attention. They used email worm programs to send out spoofed emails to PayPal customers. Those customers were led to spoofed sites and asked to update their credit card details and other identifying information.
By the beginning of 2004, phishers were riding a huge wave of success that included attacks on banking sites and their customers. Popup windows were used to acquire sensitive information from victims. Since that time, many other sophisticated methods have been developed. They all boil down to the same basic concept, though, and it is safe to say that this concept has proved to be quite effective.
First Phishing Attack
According to Internet records, the first time that the term “phishing” was used and recorded was on January 2, 1996. The mention occurred in a Usenet newsgroup called AOHell (https://en.wikipedia.org/wiki/AOHell). It is fitting that it was made there too; America Online is where the first rumblings of what would become a major criminal issue would take place.
With their random credit card number generating racket shut down, phishers created what would become a very common and enduring set of techniques. Through the AOL instant messenger and email systems, they would send messages to users while posing as AOL employees.
Those messages would request users to verify their accounts or to confirm their billing information. More often than not, people fell for the ruse; after all, nothing like it had ever been done before. The problem intensified when phishers set up AIM accounts through the Internet; such accounts could not be “punished” by the AOL TOS department. Eventually, AOL was forced to include warnings on its email and instant messenger clients to keep people from providing sensitive information through such methods.
Impact of Phishing Attack on Society
Impact on Businesses
Phishing represents one aspect of the increasingly complex and converging security threats facing businesses today. The methods used by spammers have become more sophisticated, and spam is now increasingly combined with malware and used as a tool for online fraud or theft.
The damage caused by phishing is not limited to monetary property. The fragile bonds of trust that organizations build with their constituents are shattered in the process. As people lose faith in the reliability of electronic communication methods, companies lose their customer base. In the case of disasters, people can spend billions in preparation, to analyze weaknesses and improve recovery time, only to have trust shattered by phishing attacks. This in turn causes a significant loss in money, resources and time.
The most obvious harm caused to legitimate businesses and organizations is the monetary damage that phishing causes. In 2003 alone, it was estimated that phishing caused approximately $1.2 billion in direct financial losses to US banks and credit card companies. Indirect losses to businesses are much higher because they include customer service expenses, account replacement costs, and higher expenses from online services due to a decrease in use caused by lack of trust in data security. This lack of trust towards online services provided by the organizations is understandable.
Impact on People and Society
The impact of phishing is far more insidious than just an invasion of privacy. Phishing is used to compromise computer security through social engineering. It can be used to steal information, disrupt computer operations, steal money, ruin reputations, destroy important information or feed the ego of an attacker.
So when it comes to people and society, phishing scams are really damaging the internet. You can always find some scams in your junk mail folder, or ads on Facebook and Twitter that try to link you to a fake website. With fast-growing phishing technology and the rise of social networking, people face more risk when they share personal information online.
For instance, China has the most internet users in the world, and about 200 million of them use online shopping or online business. Online shopping has become very popular, because all a user needs is a computer that is connected to the internet, or even a mobile device. But it has been officially reported that 10 thousand phishing websites are created every day, 95% of them auto-generated by hackers’ computers. Traditional anti-phishing technologies fall short at identifying those websites. Most people who use online shopping have encountered phishing attacks or similar traps; 80% of the phishing websites are viewed by both buyers and sellers, and 20% of the phishing attempts succeed. In the last year alone, more than 60 million people were conned out of $5 billion by phishing websites in China. Figures like this are expected to increase.
Ways to Avoid Phishing Attack
- The email has improper spelling or grammar
This is one of the most common signs that an email isn’t legitimate. Sometimes, the mistake is easy to spot, such as ‘Dear eBay Costumer’ instead of ‘Dear eBay Customer.’
Others might be more difficult to spot, so make sure to look at the email in closer detail. For example, the subject line or the email itself might say “Health coverage for the unemployeed.” The word unemployed isn’t exactly difficult to spell, and any legitimate organization would have editors who review its marketing emails carefully before sending them out. So when in doubt, check the email closely for misspellings and improper grammar.
- The hyperlinked URL is different from the one shown
The hypertext link in a phishing email may include, say, the name of a legitimate bank. But when you hover the mouse over the link (without clicking it), you may discover in a small pop-up window that the actual URL differs from the one displayed and doesn’t contain the bank’s name. Similarly, you can hover your mouse over the address in the ‘from’ field to see if the website domain matches that of the organization the email is supposed to have been sent from.
- The email urges you to take immediate action
Often, a phishing email tries to trick you into clicking a link by claiming that your account has been closed or put on hold, or that there’s been fraudulent activity requiring your immediate attention. Of course, it’s possible you may receive a legitimate message informing you to take action on your account. To be safe, though, don’t click the link in the email, no matter how authentic it appears to be. Instead, log into the account in question directly by visiting the appropriate website, then check your account status.
- The email says you’ve won a contest you haven’t entered
A common phishing scam is to send an email informing recipients they’ve won a lottery or some other prize. All they have to do is click the link and enter their personal information online. Chances are, if you’ve never bought a lottery ticket or entered to win a prize, the email is a scam.
- The email asks you to make a donation
As unbelievable as it may seem, scam artists often send out phishing emails inviting recipients to donate to a worthy cause after a natural or other tragedy. For example, after Hurricane Katrina, the American Red Cross reported more than 15 fraudulent websites were designed to look like legitimate Red Cross appeals for relief efforts. Potential victims received phishing emails asking them to donate to the Red Cross, with links to malicious sites that stole their credit card numbers. If you’d like to make a donation to a charity, do so by visiting their website directly.
Conclusion
All of these fake-phishing emails have one common goal: They attempt to trick the user into clicking the link. If the user clicks the link, your report shows this as an “Opened” email success. If the user enters a password, the phishing attack was successful and you’ll receive confirmation. The user will receive a notification that they’ve been “phished,” but that no damage has occurred. They’ll then be instructed to watch a short, interactive video explaining what to do differently the next time this occurs.
Phishing is one of the most common attacks and the most successful for attackers. When a phishing attack is successful, it can be devastating for both businesses and individuals. For the individual, it only takes one successful attack to lose it all – your money, your credit rating, your entire life. Make sure you protect yourself, and your friends, too, through ongoing phishing-awareness campaigns. It’s no risk, and all reward.