Dissertation Conclusion Examples on Banking Phishing
CHAPTER 5: CONCLUSION
The purpose of this dissertation was to examine and investigate phishing in the banking sector, with particular focus on its purpose, enforcement and prevention. Through this study the researcher intended to understand and explain what phishing really means and how phishing has become a very influential and important part of the internet.
Phishing is the electronic means of obtaining personal information by disguising oneself as a legitimate online entity. More specifically phishing is the process of creating a fraudulent email or website that appears to originate from a legitimate source. Phishers, who are authors of phishing websites, create a fraudulent website in hopes that visitors will divulge sensitive information such as account numbers, usernames, passwords, pins, social security numbers, etc.
Typically there are three main phases to the phishing cycle. First, the phisher creates a phishing website and then goes phishing by sending out numerous emails to unsuspecting users. The phisher tries to convince the reader of the email to visit the link included in the email. When the user “bites” on the phish, the link in the email directs the user to the phishing site which appears legitimate and similar or identical to the legitimate target site. The phish is successful when the user enters confidential information on the phishing page and it is leaked to the phisher. Afterwards the phisher tries to exploit the confidential information by transferring money, opening accounts, or making purchases using the captured information. Or the phisher merely acts as a middleman and sells the information to other criminals.
The phishing life cycle typically begins with a mass email that attempts to convince the reader to visit the included website link. This phase of phishing is much like fishing. Instead of using a fishing lure and line to catch a fish, a phisher sends out many emails in hopes that a few readers will “bite” at the email lure by visiting the included link to the phishing website. Typically the email looks legitimate and will include a company logo of a popular financial institution and a return address of the legitimate company. The link in the email will also appear legitimate at first glance. The phisher wants the lure to be as authentic as possible so that the victim will “bite”. Usually the phishing email will try to convince the reader to visit the included website in order to update certain information or avoid account termination.
Many techniques are used, but most try to convince the reader that urgent action is needed and prey upon emotion such as urgency, account interruption, or account termination. The bite occurs when the victim clicks on the link in the email and is directed to the phishing website. The phishing website typically looks identical or very similar to the legitimate site it is attempting to impersonate. It is critical that the website looks legitimate so that the user does not suspect that the page is fraudulent. Often the legitimate page is simply copied and hosted elsewhere so the phishing page contains all of the correct styles and content of the legitimate site. Logos, keywords, and even security notices are commonly found on phishing sites to convince the user that the site is legitimate. Once the user visits the phishing website and is assured that the page is legitimate because it resembles the legitimate site, then the phisher can request personal information. It is a critical step for the phisher to first build the trust so the user thinks that the page is legitimate. If there are misspellings, outdated images, or other suspicious content then the user may think twice about entering sensitive information.
Once a user has visited the phishing page and is convinced that the page is familiar and legitimate, then the phisher requests confidential information from the user. Often there is a user login and password box that requests a username and password from the user. Sometimes a phishing page will ask for other confidential information such as account numbers, pins, social security numbers, date of birth, etc. Once the user divulges this information it is typically stored in a database on the phishing server, emailed to a phisher’s email address, or sent to a chat room. After the information is submitted the user will typically receive an error message, return to the phishing login box with the impression that nothing happened, or be redirected to the legitimate website. It will appear to the user that nothing happened even though the information has been leaked. Obviously the phisher doesn’t want the user to know that they have just divulged their confidential information. Phishers harvest confidential information and then either try to exploit it by transferring funds, making purchases, etc. or they sell the information to third party criminals to exploit. Underground internet chat rooms are common meeting areas where phishers can sell confidential information to interested parties.
Purpose of the study
The main purpose of this study was to investigate the growing problem of phishing in the banking industry and the techniques involved in hiding the originating IP addresses. The focus of this study was further enhanced by examining the growth across technologies, including the mobile phone arena, and how technologies to combat phishing are improving. For this purpose, the researcher set out the following research questions to guide the research:
1. What effect does Phishing have on the banking institution most especially with online banking?
2. What technologies are available to trace, prevent or protect against Phishing attacks?
In this context, the specific objectives of this study were:
1. To understand the forensics and legal prosecution set in place and the part of the law that deals with phishing.
2. To examine the security of the Internet and online trading in banking sector and how the increase in Phishing attacks and sites weakens confidence in the security of online business.
3. To examine how Phishing works across E-mails, Internet, and mobile phones.
In order to answer the research questions, the researcher used both qualitative and quantitative research methods. Using the qualitative method, the researcher interviewed some banking personnel, whose identity was kept confidential in order to meet research ethics. Apart from the interviews with the banking personnel and the IT specialists, the researcher also collected primary data through questionnaire-based surveys. These questionnaires were administered to 50 participants who were selected randomly and were end users ranging from 18 to 70 years of age.
Discussion of the results
A phisher doesn’t necessarily need much technical expertise to be successful. There are tools available to send mass emails and create phishing pages. In fact there is a marketplace for compromised hosts where a phishing page can easily be hosted. There are programs to send harvested confidential information from phishing pages to an email account or chat room user. Chat rooms are often used to buy and sell harvested credentials. The phisher may only act as a middleman and sell the confidential information to a criminal who will exploit that information through identity fraud or other means. In this context, the researcher asked the participants some basic questions in order to learn their views and perceptions of the topic under discussion. The participants of the interview session were asked if they had ever received any e-mail which asked for their bank account details. The results of the interviews reveal that 36 out of 50 participants were attacked by phishing scammers, which is 72% of the participants. From these results we may realize how the threat of phishing has grown and is endangering even the specialists in their fields. Phishing is a growing problem on the internet today for both consumers and businesses. One of the most common approaches for an attacker is to create a copycat website in order to capture personal information from consumers. A malicious website may look identical to an online bank or other financial institution in order to capture passwords, social security numbers, account numbers, and other confidential information. A victim may not identify the malicious site until after the confidential information has been leaked. While the phishing life cycle typically begins with a fraudulent email, this research focuses on detection methods using the client’s web browser.
It is not easy for beginners or inexperienced end users to safeguard themselves from these phishers. Phishing sites are difficult to conduct experiments on because of their short-lived nature and the risks associated with opening harmful websites. In order to be sure that the phishing data is accurate one must manually verify that a site is actually a phishing site by examining the suspected page. Experimenting with phishing sites can be dangerous because some of the suspected phishing sites contain malware that installs unwanted programs on a computer. Often anti-virus software would prevent downloading and viewing certain sites that were already downloaded because they contained malware. Sometimes it is necessary to turn off anti-virus software in order to examine certain sites. As such techniques are not well known to most end users, they become prey to phishers and reveal their personal information. It should be obvious that the majority of phishing sites try to mimic the legitimate site as best as possible. After all the phisher is attempting to impersonate the legitimate site so that the victim is confident enough to divulge sensitive information. If the victim isn’t comfortable or familiar with the site layout, then he may become suspicious of the phishing site. Most phishing sites do a good job of appearing legitimate by copying the page layout, fonts, styles, logos, and even security information of the legitimate site. In fact many of the links on the phishing site will actually link to the legitimate site which helps the phishing site appear even more legitimate. Many phishing sites use or copy the style sheet of the legitimate site so that all the page layout, fonts, styles, etc. match the site.
The data collected through survey questionnaires also reveals some important findings, reflecting information from different categories of people depending on age, gender and occupation. The results of the study demonstrated that internet technology is mostly used by younger people and the employed. Moreover these people were more aware of the phishing scams. Although the majority of the participants were aware of phishing scams, the lowest percentage of awareness of phishing scams was found to be among people who are in their 50s or 60s, unemployed or retired.
The most important aspect in phishing is awareness of the threat involved in disclosing personal and financial information carelessly. Finding out how informed the end users were about phishing scams was of great interest to the research objectives of the dissertation. It was revealed from the survey that the majority of the participants were aware of phishing scams, especially the young people. For example, 32 out of 50 participants were attacked by phishing scammers, which is 64% of the participants and comprises the majority of the participants who took the survey.
Besides awareness of the threat of phishing, the end users should also be well aware of the impact and consequences of phishing on the reputation of the banks. Among the users who use the internet for online banking, it was revealed that phishing scams would badly damage the reputation of a bank that was often hit by them (80% answered that the bank would lose credibility if it was constantly hit by phishing attacks).
How phishing can be prevented
Phishers naturally want to target a site that has a high reward with little risk. Most phishing attacks target financial institutions such as banks, brokers, credit card companies, etc. Obviously these high value targets have the biggest reward because money can be transferred from an account or a fraudulent credit card purchase or transfer can be made. Other high value targets include eBay and PayPal. Phishers are increasingly targeting even smaller banks such as credit unions because typically these banks don’t have the resources to try and retaliate against phishing attacks. The risk is lower when targeting a smaller bank. Other less damaging targets include online email accounts and social networking sites.
Mimic the legitimate site
It should be obvious that the majority of phishing sites try to mimic the legitimate site as best as possible. After all the phisher is attempting to impersonate the legitimate site so that the victim is confident enough to divulge sensitive information. If the victim isn’t comfortable or familiar with the site layout, then he may become suspicious of the phishing site.
Most phishing sites do a good job of appearing legitimate by copying the page layout, fonts, styles, logos, and even security information of the legitimate site. In fact many of the links on the phishing site will actually link to the legitimate site which helps the phishing site appear even more legitimate.
Many phishing sites use or copy the style sheet of the legitimate site so that all the page layout, fonts, styles, etc. match the site.
Mimic the URL
In addition to mimicking the actual content of the websites, some phishing sites try to mimic the actual URL of the legitimate site. For example one could replace a W with two V’s or a lowercase L with a number 1. Phishing sites often try to use a URL that mimics the legitimate URL or includes the legitimate URL in the phishing URL somewhere.
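As an added example (not part of the original dissertation), the following sketch shows how a defender could flag the two URL tricks described above: a hostname that becomes a known bank domain once look-alike characters are folded, and a URL that merely embeds the bank's name somewhere. The domain `westlakebank.example`, the allow-list and the function names are assumptions made for illustration, and the `rn`/`0` swaps go slightly beyond the two substitutions the text names.

```python
from urllib.parse import urlsplit

# Constructed allow-list; "westlakebank.example" is a made-up bank domain.
LEGIT_DOMAINS = ("westlakebank.example",)

# Character swaps of the kind the text describes (vv for w, 1 for l),
# plus two other common ones added for this example (rn for m, 0 for o).
CONFUSABLES = (("vv", "w"), ("rn", "m"), ("1", "l"), ("0", "o"))


def skeleton(text):
    """Fold look-alike character sequences so spoofed and real names compare equal."""
    text = text.lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def classify(url, legit_domains=LEGIT_DOMAINS):
    """Return 'legitimate', 'lookalike-host', 'brand-embedded' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # 1. Exact allow-listed domain or one of its subdomains.
    if any(host == d or host.endswith("." + d) for d in legit_domains):
        return "legitimate"
    # 2. Some suffix of the hostname folds to an allow-listed domain.
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    for d in legit_domains:
        if any(skeleton(s) == skeleton(d) for s in suffixes):
            return "lookalike-host"
    # 3. The brand name appears elsewhere in the URL (host, path or query).
    for d in legit_domains:
        if skeleton(d.split(".")[0]) in skeleton(url):
            return "brand-embedded"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs, one per outcome.
    for sample in ("https://www.westlakebank.example/login",
                   "http://vvest1akebank.example/login",
                   "http://westlakebank.example.login.test/update",
                   "https://news.test/article"):
        print(f"{classify(sample):15} {sample}")
```

A check like this complements a blacklist because it needs no prior report of the specific phishing URL, only a list of the domains being protected.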
Update personal information
Some phishing sites don’t try to imitate the legitimate site very well. In fact the phishing page may only have a logo or security seal that matches one on the legitimate site. However these pages can be very dangerous because they will request several pieces of sensitive information. One example is a phishing page that asks the user to update their information such as name, address, phone number, account number, credit card number, etc. These phishing sites can be more difficult to detect because the page doesn’t mimic the legitimate page except for a logo or keyword. Mainly the page contains many input boxes for a victim to enter personal information. However some of these types of phishing pages still use the legitimate sites’ style sheet so they can be detected with the style sheet detection.
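The style sheet detection mentioned above can be sketched as follows. This is an added example, not code from the dissertation: it flags a page that is served from a host outside the bank's domain, pulls a style sheet from the bank's domain, and asks the visitor to type something in. It covers only the case where the legitimate style sheet is linked directly (a copied style sheet would need content comparison instead), and the domain, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

LEGIT_DOMAIN = "westlakebank.example"  # constructed bank domain (assumption)
NON_DATA_INPUTS = {"hidden", "submit", "button", "image", "reset", "checkbox", "radio"}

# Constructed "update your information" page that borrows the bank's CSS.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://www.westlakebank.example/css/main.css">
</head><body><form action="save.php">
<input type="text" name="account"><input type="password" name="pin">
<input type="submit" value="Update">
</form></body></html>
"""


class PageScan(HTMLParser):
    """Collect the hosts serving the page's style sheets and count data-entry inputs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.stylesheet_hosts = []
        self.data_inputs = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" in rels and a.get("href"):
            # Resolve relative hrefs against the page URL before taking the host.
            absolute = urljoin(self.page_url, a["href"])
            self.stylesheet_hosts.append((urlsplit(absolute).hostname or "").lower())
        elif tag == "input" and (a.get("type") or "text").lower() not in NON_DATA_INPUTS:
            self.data_inputs += 1


def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)


def borrows_legit_stylesheet(page_url, html, legit_domain=LEGIT_DOMAIN):
    """True if a page outside legit_domain links its CSS and collects user input."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    if belongs_to(page_host, legit_domain):
        return False  # the bank's own pages may use the bank's own CSS
    scan = PageScan(page_url)
    scan.feed(html)
    uses_legit_css = any(belongs_to(h, legit_domain) for h in scan.stylesheet_hosts)
    return uses_legit_css and scan.data_inputs > 0


if __name__ == "__main__":
    print(borrows_legit_stylesheet("http://update-account.test/form.html", SAMPLE_HTML))
```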
Another advanced phishing technique is to poison the DNS table on the local machine. This is a combination of malware and phishing because typically malware is installed to overwrite the computer’s DNS table. The DNS table converts names such as www.ebay.com into numbers for the computer to use in the form of an IP address. If an attacker poisons the DNS table, then when the victim visits a site such as www.ebay.com the phishing site will be loaded instead, because the phishing site’s IP address is associated with the domain www.ebay.com. This is an advanced technique and if there is malware installed on the machine, then the attacker probably has access to personal files on the machine. Phishing sites are probably the least of one’s worries if the DNS table is poisoned.
Phishing websites have a very short life span. Phishing sites can be active for as little as a few hours or as long as several days. Typically most phishing sites are only active a few days before being detected and shut down. Because of their short life span a blacklist can easily miss new phishing sites.
Implications of the study
This dissertation sheds light on phishing threats, techniques and prevention of phishing. The implications of this study are therefore relevant to IT specialists, banking personnel and end users, with or without much basic information about phishing. Further, this study contributes significantly to academic knowledge by examining different aspects of phishing, from the end users’ perspective to the specialist knowledge of the banking sector.
However, because of the broad nature of the subject, this research provides only information gathered through secondary data such as books, journals and articles published on the internet and in libraries, and the data collected through interviews and surveys. This dissertation does not involve any experiment on phishing or any examination of the techniques used by the phishers. Hence, the results of this study can be generalized based on data that is not experimental in nature and is available from the secondary sources.
Note: This work is published as an example of dissertation conclusion chapter. If you are the owner of this work and no longer wish to have this work published at this website you may send us the removal request of this work through email.