...just an advantage, it is essential. Yet, connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world. This paper is intended to discuss an emerging threat vector which combines social engineering and technology. Utilizing Voice over Internet Protocol (VoIP) convenience combined with electronic mail phishing techniques, Vishing has the potential to be a highly successful threat vector. Vishing victims face identity theft and/or financial fraud. An increased awareness about these attacks will provide an effective means for overcoming the security issues. INDEX 1. Introduction 1 2. What is Vishing? 1 3. How Vishing works? 2 4. The Problem of Trust 4 5. Vishing Characteristics 5 5.1. Type of data prone to attack 5 5.2. Data usage by the attacker 6 6. Other Attacks 6 6.1. Dumpster diving 6 6.2. Card Owner Validation 7 6.3. Handset Blackmail 7 6.4. Exploit payloads 7 7. Overcoming Vishing 7 8. Conclusion 8 References 9 1. Introduction: Many of today’s widespread threats rely heavily on social engineering techniques, which are used to manipulate people into performing actions or divulging confidential information to leverage and exploit technology weaknesses. Phishing is the most commonly exploited threat currently plaguing the...
Words: 2502 - Pages: 11
...Counteracting Social Engineering John Archibeque BSA 310 Aug. 6, 2012 Social Engineering is the art of tricking people into doing something or giving out secure information by manipulating them with conversation. A person who is skilled in this sort of manipulation can trick people to give up information that normally would be kept secure. If a person is not prepared, they will realize, too late, that they compromised the secure information. There are a few different techniques of social engineering. One form is “Pretexting.” This technique is used to fool a business to give up a customer’s information by supplying a little information to make the victim think you really have the authority to access all their information or account. The pretexter simply prepares answers to questions that might normally be asked by the victim. Another technique is “Phishing.” With this technique, the phisher send an e-mail that looks legitimate to victims asking them to update information for an account they have such as EBay, where they might have credit card information stored. They ask the victim to type in their new credit card information in and some do. A third means of attack is “Baiting.” The attacker might leave an infected disk laying around a business hoping that someone picks it up and installs it in their PC which would then infect it and give them access to their information. These forms of theft or attack happen every day all over the world. It is up to us to make...
Words: 273 - Pages: 2
...Scammers use a technique known as phishing, an attempt to get the victim to divulge financial information and can be avoided by not giving out financial information over the phone and using virus protection. In a phishing scam, the thief poses as an employee of a business asking for sensitive information. This can take place in two different forms, Vishing, and Smishing. Vishing uses voice communication to lure potential victims into giving away sensitive information like usernames and passwords or financial information. Such vishing scams have been carried out by scammers impersonating the Internal Revenue Service. The IRS mentions these scams in a public notice where the scammers use fake names, IRS badge numbers and even alter their caller...
Words: 457 - Pages: 2
...voice data is also highly recommended. 4.2 Privacy concerns When data travels across the internet it is possible that a hacker could intercept and listen to confidential conversations and steal vital information. A hacker could also masquerade as another VoIP caller by using a fake caller ID, tricking the receiver into believing that the call is from a trusted source. Privacy concerns relating to leaked information about patients details could be extremely damaging to their reputation and business. Because VoIP calls travel across the public internet, hackers can listen-in by capturing VoIP packets (Shinder, 2015). This is another reason why encryption is so important for business users of VoIP. 4.3 Voice phishing Voice phishing or ‘vishing’ is the illegal access of data over the telephone system whereby individuals are tricked into revealing private personal information, such as bank details, to unauthorised entities (Rousse, 2016). Voice phishing uses social engineering and takes advantage of people’s trust of the telephone more so than the web. Voice phishing may not be as much of a concern for the healthcare clinic as staff members are unlikely to give out private and confidential information about their patients without first verifying who the caller is. That being said, staff could be trained how to properly verify who the caller is and how to identify voice phishing attempts. Any suspicious calls should be reported to the management team. Once the reported number has...
Words: 1263 - Pages: 6
...technique they typically already have some type of information to make it seem that much more believable. To prevent this tactic, stay aware of odd questions and situations that may present themselves and stay diligent. Shoulder surfing is the technique is just as it also sounds most often being used at ATMs. The scammer will literally look over your shoulder to see your pin number or codes. This could also happen at stores where you use your debit or credit card to make a purchase. To prevent this from happening you should always be aware of your surroundings and always be better safe than sorry. On the other end technological schemes include credit or debit card theft, skimming, pretexting, man-in-the-middle attack, phishing, pharming, vishing, search engine phishing, SMishing, Malware Based Phishing, phishing through spam, and spear phishing. Credit and debit card theft is a fraud where somebody has stolen your identity. This could have a severe impact on your life since the information on the card can be used to perpetrate other types of identity theft crimes. They can use things such as signatures on the back of the card to obtain the information they need to open other credit card accounts and jeopardize your finances. The best way to prevent this from happening is writing see ID on the back of cards. You should also make sure your card is always in plain sight like at restaurants where the waiter sometimes takes the card to complete the transaction. Also never use a credit...
Words: 1134 - Pages: 5
...How Ethics Relate To Computer Crimes Herman T. Everidge III Legal and Ethical Issues in Computing CIS 4253, 847 James R. Moore, Jr. September 29, 2012 Computer Viruses, Worms, Trojan Horses and Malware Malware refers to software programs designed to damage or do other unwanted actions on computer systems; viruses, worms, Trojan horses, and spyware are the most common types of malware. Computer viruses show us how vulnerable we are; viruses can have a devastating effect on businesses, they disrupt productivity and can cause billions of dollars in damages. They also show us how sophisticated and interconnected we have become. Computer viruses are called viruses because they share some of the traits of biological viruses; computer viruses pass from computer to computer much like a biological virus passes from person to person. Computer viruses are created by people by writing code to create the virus, and designing the attack phase which could be a message or initiate the destruction of a piece of hardware. Early viruses were pieces of code embedded in legitimate programs, like games or word processors. A virus is a small piece of software that piggybacks on real programs; it might attach itself to a program and each time the program runs the virus runs too, and they can reproduce by attaching to other programs. E-mail viruses travel as an attachments to e-mail messages and can replicate themselves by automatically mailing itself to people in the victim's e-mail address...
Words: 3580 - Pages: 15
...Information Security Project This assignment is designed to help you understand how an incident response plan is put into place. In an IT environment, it is typical for multiple members of the IT Department to be part of the planning and response efforts for many security incidents. Because of this, it will be helpful that you understand how the process works. Please be sure that your response to the incident make sense and are developed by your own research on how to respond to the incident. Details on what should be included in the Incident Response Plan are below. For the deliverable, use Calibri font, Size 14. This should be in your own words. Plagiarism goes against school policy and will result in a zero for the assignment. Please note that this is 21% of your grade for the class; take the time to be detailed and I expect questions from you about it. After all, this project is all about you learning how the process works. Phase 1: Week 5 Step 1: Choose an incident type to create a response plan with. I’ve supplied a list for you below. Step 2: Find supporting materials on how to respond to the incident. You should be able to use a common search engine and find this. Phase 2 Step 3: Develop a summary of the incident that occurred; recommended 1-2 paragraphs; can be brief. If you can find an incident online that matches your project choice, you can use this summary. Make up a business name of the company that you work for. The sky is the limit in terms...
Words: 625 - Pages: 3
...• Constitutional Speech (Personal and Corporate) * (personal); afforded highest protection by the Courts. Balance must be struck between a government’s obligation to protect its citizens versus a citizen’s right to speech. In other words, if government suppresses speech it must be to protect the citizens. EX. Don’t yell fire in a crowded area. See below. * If restriction is content neutral, restrictions must target some societal problem – not to primarily suppress the message. (Corporate); -Political speech by corporations is protected by the First Amendment. -In Citizens United v. Federal Election Commission (2010) the Supreme Court ruled that corporations can spend freely to support or oppose candidates for President and Congress. • Commercial Speech -Courts give substantial protection to commercial speech (advertising). -Restrictions must: Implement substantial government interest; directly advance that interest; and go no further than necessary. EX. Bad Frog Brewery, Inc. v. New York Liquor Authority= their logo of the frog flipping people off was denied so the company sued and won because their logo is only put in bars, alcohol sections in stores, etc. • Due Process (procedural and substantive); Fifth and Fourteenth Amendments provide “no person shall be deprived of life, liberty or property without due process of law.”; (Procedural) -Procedures depriving an individual of her rights must be fair and equitable. -Constitution requires...
Words: 953 - Pages: 4
...CIS 500 Weeks 6, 7, 8,9,11 Discussion Questions Week 6 * Mobile banking features have added several advantages for customers however; there are security risks that come with them. Determine the security risks with respect to phishing, smishing, vishing, cloning, and a lost or stolen smartphone that have been experienced by the financial services industry as a result of mobile banking. Phishig – Is when malware is downloaded on to a device and it attempts to obtain personal information. It lies in wait and gathers information from apps such as a mobile banking app to gain your login and password. If you bank does not have proper security in place this can lead to your account getting hacked and loss of money. Smishing- This is where fraudulent communication occurs in the form of a text message in order to obtain personal information. Vishing – This is similar to smishing instead of getting information through text it is obtained through phone calls or voicemails. Cloning- The transfer of information from one device to another device including the electronic serial number When a smartphone is lost or stolen this can lead to a compromise to a person’s personal information since it may be on the phone. I bank with Bank of America and use the mobile app to manage my account transfer funds, pay bills, deposit checks and so on. The app does not store the password but it does store the user login. You are unable to just log in to it from a new device or location without verify...
Words: 2846 - Pages: 12
...A Structured Analysis of PHISHING By Prasath Manimaran ID: 20038303 Table of Contents Chapter One – Introduction 1. Research Questions and Objectives……………….…………………………………………….5 Chapter Two – Literature Review & Definition of Phishing 2.1. Literature Review…………………………………………………………………………………………..8 2.1.2. Definitions of Phishing……………………………………………………………………..8 2.1.3. Outcomes of this Study…………………………………………………………………….16 2.2. Research Details 2.2.1. Scope of the Research……………………………………………………………………….17 2.2.2. Research Methodology……………………………………………………………………..17 2.2.3Inductive versus Deductive Study……..………………………………………………..20 2.2.4. Qualitative versus Quantative……………………………………………………..20 Chapter Three – Phishing in a Banking Context 3.1. Confidence in Internet Banking……………………………………………………………………22 3.1.1. Security Requirements………………………………………………………………………23 3.2. Threat Models……………………………………………………………………………………………….25 3.2.1. The Internet Threat Model……………………………………………………..25 3.2.2. Thompson Threat Model……………………………………………………….26 3.2.3. Viral Threaet Model………………………………………………………………26 3.3. The Phishing Threat Model…………………………………………………………………………..26 3.3.1. Identification of Internet Banking Components………………………………..27 3.3.2. Identification of Phishing Threats………………………………………………29 Chapter 4 – Analysis of Current Phishing Techniques 4.1. Modus Operandi………………………………………………………………………………………….…36 4.2. Roles of Adversary in Phishing………………………………………………………………………...
Words: 15039 - Pages: 61
...Common Information Security Threats Paper Courtney Gardner CMGT/400 2-25, 2013 Terry Green Common Information Security Threats Paper The growing number of security treats an organization faces from day to day grows substantially as each day passes. Even the failed attempts to access secure data bear fruit of some kind in the form of another vulnerability being discovered or a different tactic is used that the company wasn’t prepared for. One organization that can’t afford not to be prepared is the Chase Bank organization. This financial institution is very accustomed to fending off skilled cyber thieves. It gets hit every day by thousands if not tens of thousands of attacks on their infrastructure and networks I will discuss three major threats that Chase faces DDoS attacks, Mobile Banking and Phishing. Transferring funds out of users' accounts is a major security treat they face. This can be achieved many ways which makes it an active job for the security admins of banks. Online banking has opened the banks to a wide variety of vulnerabilies that much be patched or mitigated to the lowest degree possible. Being the victim of a DDoS attack is always a possibility for Chase as they contact a large amount of online tractions and overseas money handling. Attackers can employee DDoS attacks, or distributed denial of service attacks, named for denial of customer service by aiming large capacities of network traffic to a website until it forced to or collapse. To help combat...
Words: 1188 - Pages: 5
...Social engineering is one of the most successful types of attacks users can be subjected to. Companies can spend thousands of dollars on top of the line protection for the system, but how do you protect from the user? These type of attacks can happen to the most novice of computer users all the way up to the masters of the IT field. Common social engineering attacks can happen over the phone, in person or even just over the internet without direct social interaction. A lot of people believe they couldn’t possibly be a victim of social engineering attacks . A quote from Joan Goodchild’s article from Chris Roberts, a security consultant, discuses these feelings: “"So many people look at themselves or the companies they work for and think, 'Why would somebody want something from me? I don't have any money or anything anyone would want,'?" he said. "While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal. " Popular social engineering attacks happen and are successful because of the need for social compliance. Most people want to help others, especially if that is your job (ie customer service representatives or help desk personnel). Being an employee in customer service can prove challenging when it comes to battling these attacks. “Social engineering is essentially...
Words: 1344 - Pages: 6
...MIS535 – Managerial Applications of Information Technology Course Project: Installing an IP Phone System Company Information and Abstract: Holt’s Cigar Company has been in business for over 100 years. The first store opened in 1898. There are now two retail locations in the Philadelphia area. Holt’s also provides a mail order service where cigars can be purchased online or by phone in most states. Holt’s Cigar Company is also part of Ashton Distributors. The same person owns them. Holt’s is the retail store and Ashton is a wholesale company. The total amount of employees for both companies is around 100 people. I work in the IT Department. We are in charge of maintaining the network, helping users, and maintaining the phone system. The phone system is over 10 years old and is an analog system. This system runs off of Windows Server 2000. Windows Server 2000 is very old software and Microsoft does not support it anymore. So this means there are no new updates or patches to software. This can leave our phone system open to outside attacks from hackers. Our biggest problems with the current system are functionality and features. The system randomly stops working about once a week and this usually occurs during business hours. The server needs to be re-booted when this happens. The IT Department cannot re-boot this system remotely. It must be manually re-booted at our Northeast Philadelphia location where it is housed. The phones will not work at all...
Words: 3299 - Pages: 14
...Cyber Crime Research Presentation by the Australian Institute of Criminology Dr Russell G Smith Principal Criminologist The Australian Institute of Criminology • Australia's national research and knowledge centre on crime and justice • Core funding from the Australian Government, with income for contract research from public and private sectors • Criminology Research Advisory Council representing all jurisdictions • Staff of 30 academic researchers and 25 support staff – total 55 Cyber crime research Research questions • • • • • • • • • • How are cyber crimes committed (e.g. credit cards, internet)? How many crimes are committed and what are the crime trends? Who commits them and why do people commit them? How much money is at stake, lost and recovered? How can such crime be reduced – by prevention or punishment? Online and desk-based reviews of books, reports and articles Legislative and case-law analysis, including sentencing research Consultations with business, government and the community Surveys of households, businesses, offenders and victims Analysis of media reporting of crime Research methods Dissemination of findings • Reports, books, articles, conference papers, roundtables, online, media Cyber crime concepts Organised Crime e.g. OMCGs Identity Crime Cyber Crime e.g. off-line crimes e.g. ID theft Internet Crime e.g. Offensive Content Phishing Financial Crime e.g. Home renovation scams A chronology of cyber crime Cloud...
Words: 1301 - Pages: 6
...Biometrics within Financial Institutions Abstract This paper presents a problem with the use of technology within the Credit Unions and Banking industries. Technological innovations have allowed the industry to be more open to consumers and challenges that the current economy has posed. Modern technology is also change the landscape of how, when and where business is conducted with financial institutions and consumers, businesses, and other organizations. Technology driven issues such as privacy, security and trust, have been pushed to the forefront, which makes the line between mobile banking and banking online increasing difficult to distinguish. Credit Unions like other banking institutions rely on gathering, processing, analyzing and providing information to meet the demands of the consumer. Given the importance of information systems within banking its not surprising to find, risks within the systems are developing in nature. History Truliant Federal Credit Union was started in Winston-Salem, North Carolina around 1952. They serve over 180,000 member owners and more than 900 business and organizations with $1.6 billion in assets. Truliant as it will be referred to in this paper has 21 financial locations in North Carolina, South Carolina, and Virginia. One philosophy that stands out or is a representation of what this particular Credit Union stands for is “ people helping people”. Like other not for profit organizations, they provide individuals and small business with...
Words: 1787 - Pages: 8
