Posted: August 5th, 2022

Phishing Scams That Target the General Public and Mom and Pop Businesses

Phishing Scams That Target the General Public and Mom and Pop Businesses
Name
Institution

Phishing Scams That Target the General Public and Mom and Pop Businesses
Executive Homework help – Summary
Cyber risks and threats continue to have a devastating impact on the general public and mom and pop businesses. The research provides an analysis of phishing scams that target the general public and mom and pop businesses. Social engineering is reported to have a significant impact as an attack vector for phishing scams. The previous phishing scam methods utilized by the cyber attackers identified include purchase order scams, emails, instant messenger, voice phishing, spear phishing, whaling, and angler phishing. New findings provide emerging sophisticated phishing scams, including fake bills scams, office 365 scams, Dropbox phishing, mobile phishing, invoice scams, and RFP proposal scams. The general public and mom and pop businesses are set to remain targets of the phishing scams and face significant damage and harm, such as theft of sensitive data and information, like credit card details or login credentials.
Introduction
Analysis and research indicate that in addition to the increasing integration of the internet into our daily lives, cyber risks and threats keep increasing and becoming more sophisticated. Cyber risks and threats continue to have a devastating impact on the general public and mom and pop businesses. Although various countermeasures have been developed and implemented to counter the cyber risks and threats, attackers continue to develop more sophisticated tools that enable them to pay pass security measures in place. This paper provides an analysis of the phishing scams that target the general public and mom and pop businesses. The research includes previous approaches to phishing scams and new methods being employed in the phishing scams.
Previous Approaches
Phishing is a cybersecurity threat whereby cybercriminals use social engineering attacks on unsuspecting individuals. Phishing involves a fraudulent attempt to obtain user data or information, such as login credentials and credit card details, by an attacker masquerading as a trusted entity in an attempt to lure the victim into providing sensitive data or information. With social engineering being the leading attack vector for phishing, the attackers have mastered methods of manipulating victims that rely on curiosity, empathy, and fear. The social engineering tactics aimed at luring the victim to open a link that will lead to a malicious site or software programmed to install malware or steal the victim’s sensitive data or information. Phishing cyber threats have long existed, with the previous phishing scam methods traditionally utilized by cyber attackers, including purchase order scams, emails, instant messenger, voice phishing, spear phishing, and whaling and angler phishing (Ramzan, 2010 – Essay Writing Service: Write My Essay by Top-Notch Writer).
Purchase order scams are among the most common phishing methods, which involve sending a fake purchase order mostly through email with attachments. The attachment can be in the form of Microsoft Office Documents, PDF files, or HTML files. The attacker programs the attachment to host malicious macros, VB scripts, or JavaScripts that automatically download the malicious payload upon opening (Rader & Rahman, 2013). Another traditional phishing method is email phishing. Email phishing involves the attacker registering fake domains that mimic organizations that area genuine. The attacker then sends thousands of generic messages using social engineering techniques. The email phishing aims to net significant information and money for the victims that might fall for the scam. Attackers that use email phishing always use character substitution or misspelling in the domain name or extra subdomains. Spear phishing is another commonly used phishing method (Bisson, 2019: 2024 – Online Assignment Homework Writing Help Service By Expert Research Writers). Spear phishing is used to target specific enterprise or person by customizing the attack email to contain the victim name, company, position, work, phone number, home address, and other information that will convince the target into believing have a connection with the email sender. Spear phishing is used to lure the target into clicking a malicious link or opening an email attachment that will enable the attacker to access the target personal data or information (Irwin, 2020). Whaling phishing scams are mostly used against senior executives. Whaling phishing uses malicious URLs and fake links to obtain sensitive data or information. The anger phishing method involves the attacker using cloned websites, URLs, and social media posts to persuade their targets to provide sensitive data or download malware programs.
Another previous method of phishing scams that is commonly used is the instant messenger. The instant messenger phishing is where the attackers compromise one individual’s account and use it to send messages to their conduct. The message asks the receiver to click on the link provided, which takes the target to the website asks the target to enter their credentials related to the instant messenger account. The attackers use the information provided to access the target account messaging service and repeat the attack by sending the message to all conduct in the phonebook. The instant messenger phishing aims to collect as much information as possible that would be used in other phishing methods such as email and spear-phishing (Ramzan, 2010 – Essay Writing Service: Write My Essay by Top-Notch Writer). Although not commonly used, voice phishing is one of the previous phishing methods that were established during the research. Voice phishing is usually used by attackers to support other phishing methods. For instance, the phishers send an email purporting to from a legitimate organization or individual and include the conducted number that the target can call to verify the information. However, the phone conduct attached leads to a rogue service, where the phishers respond in a legit way to convince the target in providing their personal or confidential data.
Phishing scams are likely to cause significant damage and harm to the general business and mom and pop businesses. Some of the impacts of phishing include reputation damage, whereby the announcement of sensitive data loss, such as credit card details and login credentials, could affect a business brand’s trust. Phishing scams can also impact intellectual property by compromising trade secrets, customer information, and recipes. The business victims of phishing scams would likely suffer direct costs (Hudson Valley IT Services, 2020). Direct costs might be associated with direct deposit phishing, business email compromise, conducting investigating of the phishing, compensating the affected customers, and regulatory fines paid to regulatory bodies such as Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA). However, the levels of phishing scams continue to become more sophisticated with the growth of technology.
New Findings
Today, scammers have developed new methods of implementing phishing attacks. They include fake bills scams, office 365 scams, Dropbox phishing, mobile phishing, invoice scams, and RFP proposal scams. The majority of these attacks target the general public and small businesses. The attackers are now recycling the old phishing methods and employing new ones. The findings established fake bills phishing scams as one of the emerging phishing techniques. Fake billing scams focus on the administration department since they tend to be less aware of small business operations enabling the phishers to trick them into paying bills. The attackers trick the administrators by sending fake invitation emails for renewal of the business web domain or to be listed in a trade newspaper or magazine.
Another new phishing scam established is the office 365 scam. The attackers construct emails using the logos of Microsoft and Office 365 that contain warnings regarding different aspects of Office 365. The scam targets the Office 365 administrators by using the warnings to trick them into conducting immediate action due to the compromise of one of the devices. The fake email sent by phishers contains a link that the administrators are supposed to log in to their Office account to address the issue. The link directs the admin to a fake webpage where they disclose their credentials, enabling the attacker to access the original admin account and other access that the victim is linked (Infosec, 2019: 2024 – Online Assignment Homework Writing Help Service By Expert Research Writers). Dropbox phishing is a new phishing method, which involves sending a user an email that looks like it is from Dropbox support. The fake email is designed to warn the receiver about a file that has been sent to them that is large for email. The email contains a link that the user is supposed to click to access the file in Dropbox. The link directs the user to a spoof Dropbox page that requests login credentials stolen by the phishers upon entering.
Fake invoice scams involve the attackers tricking their targets into transferring funds by posing as legitimate companies or partners (Virgillito, 2020). Fake invoice phishing is conducted in three steps. First, the attackers find contracts and names of the business supplier. Then they impersonate legitimate suppliers identified and send bills to the subordinate business personnel. Lastly, the phishers attempt to solidify their phishing attempt by sending fake letters impersonating the designated bank of the actual suppliers. The increased use of mobile devices in business operations has come with mobile phishing threats (Infosec, 2019: 2024 – Online Assignment Homework Writing Help Service By Expert Research Writers). Mobile phishing methods are conducted through text messages, with the tricks used in the email phishing. Mom and pop businesses currently face a new phishing method known as RFP proposal scam that involves fake tender proposals. The scam is achieved by an attacker sending a fake email that contains RFP in PDF format or a link that the target is to use to download the proposal. The email is designed to resemble a legit company or a business partner. When the target opens the PDF, it executes a malicious malware used to obtain sensitive information. The links usually direct the target to a website that requests sensitive data such as bank details required in proposing the bid, which is then used by the attacker to conduct malicious activities.
Conclusion
The research indicates that technological innovations have shifted the phishing scams techniques and methods to include more sophisticated ones. The previous methods’ analysis provides the problems that the general public and mom and pop businesses have been facing, especially concerning the impact the phishing scam comes with. With the new methods highlighted, the businesses and the general public will be facing more threats since the new methods are more sophisticated than the previous ones.

References
Bisson, D. (2019: 2024 – Online Assignment Homework Writing Help Service By Expert Research Writers). Common Phishing Attacks and How to Protect Against Them. Tripwire, Inc. Retrieved from https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/
Hudson Valley IT Services. (2020). The Impact of Phishing on Business. Retrieved from https://www.hudsonvalley-it.com/2020/01/the-impact-of-phishing-on-business/
Infosec. (2019: 2024 – Online Assignment Homework Writing Help Service By Expert Research Writers). 16 business email/mobile phishing tricks to be aware of in 2019: 2024 – Online Assignment Homework Writing Help Service By Expert Research Writers. Retrieved from https://resources.infosecinstitute.com/16-business-email-mobile-phishing-tricks/
Irwin, L. (2020). The 5 most common types of phishing attack. IT Governance. Retrieved from https://www.itgovernance.eu/blog/en/the-5-most-common-types-of-phishing-attack
Rader, M., & Rahman, S. (2013). Exploring Historical and Emerging Phishing Techniques and Mitigating the Associated Security Risks. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4. https://arxiv.org/ftp/arxiv/papers/1512/1512.00082.pdf
Ramzan, Z. (2010 – Essay Writing Service: Write My Essay by Top-Notch Writer). Phishing attacks and countermeasures. In Handbook of information and communication security (pp. 433-448). Springer, Berlin, Heidelberg.er.
Virgillito, D. (2020). Overview of phishing techniques: Fake invoice/bills. Security Boulevard. Retrieved from https://securityboulevard.com/2020/05/overview-of-phishing-techniques-fake-invoice-bills/

Order | Check Discount