Background
Summary: Phishing is a type of social engineering technique in which an attacker sends an e-mail or displays a Web message that falsely claims to come from a legitimate organization. The sender's intention is to trick the user into surrendering private information.
Sociologists would identify phishing as a deviant behavior, as it violates accepted social norms. One formal explanation treats deviance as “the result of conflict between the culturally prescribed goals of society (such as material success) and the obstacles to obtaining them” (Eitzen, Bacca Zinn and Eitzen Smith, 2014, p. 7).
Sociologists have identified phishing and malicious hacking as contemporary social problems, and sociological theories can be useful in understanding the people who engage in such deviant activities. The modern deviance discourse has two branches. The first situates the sources of deviation within the social structure. The second recognizes the power of labeling in sustaining deviance as abnormal or unique in our society (Eitzen, Bacca Zinn and Eitzen Smith, 2014).
Description: A more specific definition is offered by the Anti-phishing Working Group (APWG): “Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.” The victim in a phishing attack is asked to respond to an e-mail or is directed to a Web site to update personal information, such as passwords, credit card numbers, Social Security numbers, bank account numbers, or other information for which the legitimate organization already has a record. However, the site is actually a fraudulent Web site designed to steal the user’s information.
Risk: Phishing can, and usually does, lead to online identity theft. By capturing a user’s personal information, an attacker can gain access to the user’s account on a legitimate Web site and engage in a variety of activities resulting in substantial financial loss to the user and denial of access to e-mail, among other problems.
Example of Occurrence: In July 2011, several hundred Twitter users reported receiving direct messages from fellow tweeters asking if their image was captured in an attached video or photo. The message was attractive and engaging, leading many users to click on the included link. The users who clicked on the link were then prompted to sign into their Twitter account again.
Many users who attempted to enter their credentials in this pop-up became victims of a phishing attack. Picture 3 shows the fake Twitter URL used in the phishing. The users’ information was then co-opted by cybercriminals. It is believed that the passwords were stolen because many people use the same password for several accounts.
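The attack above works because the fake login page sits on a host that merely resembles Twitter's. The following defensive check, added here as an illustration and not part of the original report, extracts the host from every link in a direct message and classifies it as the legitimate host, a lookalike (brand name embedded in the host or path, userinfo trick, or simple homoglyphs) or unrelated. The legitimate host set, the homoglyph table and the sample message are constructed for the example; the actual URL from Picture 3 is not reproduced.

```python
import re
from urllib.parse import urlsplit

# Constructed example values: the host the real login page lives on.
LEGIT_HOSTS = {"twitter.com", "www.twitter.com"}
BRAND = "twitter"

# Small constructed table of substitutions that make a domain resemble the brand
# (not an exhaustive list).
HOMOGLYPHS = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("3", "e")]

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_of(url: str) -> str:
    """Lower-case host of a URL; userinfo (as in twitter.com@evil.example) and port are dropped."""
    if "://" not in url:
        url = "http://" + url  # treat a bare 'twitter.com/login' as a URL
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def normalise(label: str) -> str:
    """Undo the substitutions above so that 'tvvitter' compares equal to 'twitter'."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def classify_link(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a single URL."""
    host = host_of(url)
    if host in LEGIT_HOSTS:
        return "legitimate"
    # Brand appears somewhere in the URL (twitter.com.evil.example, evil.example/twitter.com/login,
    # twitter.com@evil.example) or is disguised with homoglyphs in a host label (tvvitter.com).
    if BRAND in url.lower() or any(normalise(lbl) == BRAND for lbl in host.split(".")):
        return "lookalike"
    return "unrelated"


def flag_message(text: str) -> list:
    """Find every http(s) link in a message and pair it with its classification."""
    return [(url, classify_link(url)) for url in URL_RE.findall(text)]


if __name__ == "__main__":
    # Constructed direct message in the style of the 2011 campaign.
    dm = "is this you in this video? http://twitter.com.example.net/login"
    print(flag_message(dm))  # [('http://twitter.com.example.net/login', 'lookalike')]
```

A mail or chat filter can quarantine any message whose links classify as "lookalike", and a user-awareness tool can highlight the real host to the reader before they follow the link.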
The Twitter administration responded on July 9, 2011, reassuring users that it was aware of the problem. The response also included reporting the offending domain and changing the affected users’ passwords.
What sort of Twitter user would give away their password? Almost anyone is susceptible.
https://nakedsecurity.sophos.com/2011/07/09/twitter-phishing-attack-spreads-via-direct-messages/