Leo Cardenas

Information Security/Cybersecurity Final Project

1. Introduction:

Phishing scams are a way for someone to take another person’s information by posing as
a reliable source, usually through an online platform. Information that can be taken
includes usernames, passwords, banking information, and any other private information.
Phishing scams usually target people working for any type of organization in order to gain
access to all of its files. All it takes is for one person to click a link in an email, and
all of the company’s or organization’s files can be at risk. This topic must be discussed
everywhere because of how prevalent it remains in our society today. It is therefore
important that everyone is educated on how to avoid becoming the victim of a phishing scam.

2. Literature Review:

“https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html”
An article by CSO Online teaches us how phishing scams are weapons in disguise.
One of the most common ways phishing scams get delivered is through email. It's
extremely important to check who you are receiving an email from, and to make sure it’s
actually from the person it says it’s from, before you open a document or press any type
of link. Phishing scams date back to the 1990s and are still one of the highest online
security risks present today. Phishing kits make it possible for people who aren’t top-tier
hackers to set up phishing campaigns. Once a victim or group is targeted, waves of
emails start being sent, waiting for the next person to make a mistake. There are
multiple variations of phishing scams. One is vishing, which is a scam that
happens over the phone. Another is smishing, which is a scam over an SMS
message. Spear phishing is when a person or group is specifically targeted as the
victim of a phishing scam.

“https://www.webroot.com/us/en/resources/tips-articles/what-is-phishing”
This article by Webroot teaches us how to spot the different phishing scams
we might encounter in an email. The first thing we should do when looking at a new
email is to see if the sender is who they claim to be. If documents are being
sent, make sure they are legitimate and don’t download anything you have doubts about. Don’t
follow links in the email to log in anywhere; go to the linked website on your
own. Make sure you have an anti-virus tool on your computer, or some other sort
of application that helps you look for malicious websites or links.

“https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing”
This article gives us more information about phishing scams. Many scammers contact
people while pretending to be a legitimate business such as a bank, the IRS, the government, or
any other business. The elderly are common victims because they are more likely to be convinced
and fall into the scammer’s traps. Alerts saying that unauthorized or suspicious
activity was found on your accounts, and that you need to log in to regain access, are most
likely scams trying to get your login information. Phishing messages are purposely made to look
like they come from legitimate sources, so it’s always better to question everything than to be
sorry. Always check that the sender is actually who they say they are, never click on links or
downloads that you think may be risky, and never give out personal information unless you are
100% sure.

“https://us.norton.com/internetsecurity-online-scams-coronavirus-phishing-scams.html”
An article by Norton security talks about the increase in phishing emails due to the
global coronavirus pandemic currently going on. Scammers are now sending emails made to
look like they come from legitimate organizations spreading information about the virus. Some
emails send people links that claim to lead to statistics about the virus but actually
deliver malware that then gets onto your device. It’s important to educate yourself on the
different forms these phishing scams take in emails. A very popular
email going around is a CDC email telling people to click on a link to check out the most recent
cases in their area. Another phishing email claims to give advice and safety measures to
protect oneself if the reader clicks on and downloads an attached document. Workplace policy
emails claiming to be from a company or organization are yet another phishing scam going around.
It’s important that we stay alert and don’t fall into these traps.

“https://www.informationsecuritybuzz.com/articles/the-future-of-phishing/”
As technology keeps developing and things get more advanced, so will phishing techniques.
An article by Information Security Buzz gives us more information on the future of phishing
scams. As time goes on, we are noticing new methods scammers use to get others'
information. Some scammers send people legitimate links to Google websites but
trick them into accepting permissions on those websites, which actually gives the scammers
permission to look at all their emails and contacts. The scammers' ability to make
a spoofed message look genuine is going to require even more
precaution from everyone. Machine learning, upgraded email filtering systems, risky URL
detection, and other methods are now being used to combat email phishing scams.

3. Process Model
In this flowchart infographic, we can see the steps people should take when they receive an
email to avoid being the victim of a phishing scam. First, we start with the arrival of an email,
which people must look at carefully. Does the email have a link, or is it asking us to
press a link? Does the email have any type of attachment you need to click to see? Is the
email asking for personal or sensitive information? Secondly, look into who is sending the
email and try to verify that they are who they say they are. If you’re 100 percent confident in
the sender and can verify it, you’re all set to proceed. If you’re uneasy and have a bad
feeling about the email, it’s important that you report the email or leave the email alone
and don’t click on anything. Phishing emails are becoming extremely hard to unmask,
so it’s important to follow these steps and practice them on all emails.
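
The triage steps described above, sketched as an added Python example that is not part of the original report. The sample message, its domains, the `trusted_domains` parameter, the keyword list and the report/leave-alone split are assumptions, as is relying on an `Authentication-Results` header stamped by your own mail server.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@examp1e-support.test>
Reply-To: collector@other-domain.test
Subject: Action required: verify your account
Authentication-Results: mx.example.test; spf=fail; dkim=none
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Unusual activity was found. Log in at http://login.examp1e-support.test/verify
and confirm your password to regain access.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

(constructed placeholder)
--b1--
"""
# Assumed keyword list for "asks for personal or sensitive information".
SENSITIVE = re.compile(r"\b(password|username|bank|account number|log ?in)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)

def domain_of(header_value):
    # Lower-cased domain of the address in a From/Reply-To header ("" if absent).
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw, trusted_domains):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # Step 1: observe what the email contains or asks for.
    asks = {"link": bool(URL.search(text)),
            "attachment": any(True for _ in msg.iter_attachments()),
            "sensitive_request": bool(SENSITIVE.search(text))}
    # Step 2: verify the sender (trusted domain, matching Reply-To, SPF and DKIM pass).
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    auth = str(msg.get("Authentication-Results", "")).lower()
    verified = (sender in trusted_domains and reply in ("", sender)
                and "spf=pass" in auth and "dkim=pass" in auth)
    # Step 3: proceed only if verified; else report, or leave alone if nothing is asked.
    verdict = "proceed" if verified else ("report" if any(asks.values()) else "leave alone")
    return {"asks": asks, "sender_verified": verified, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE, {"example.test"}))
```

The header check only means something when the receiving mail server strips any `Authentication-Results` header supplied by the sender before adding its own.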

4. Security Incidents
• Facebook and Google
Facebook and Google both fell victim to a
phishing scam between 2013 and 2015. The scammer was able to take around
100 million dollars just by asking for it. In more detail, the scammer (who
was later caught and pleaded guilty to wire fraud) set up a fake
business and sent phishing emails to different employees of Facebook and
Google. The business that he set up looked and behaved like another company,
Taiwan-based Quanta Computer, which actually does business with Facebook
and Google. After receiving phishing emails with fake invoices, Facebook and
Google thought nothing of it and paid the multimillion-dollar transactions that
the invoices demanded.
“https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html”

• Crelan Bank
Crelan Bank is a bank in Belgium that was another victim of a phishing scam. The
scammers were able to take more than 75 million dollars from the bank. This
phishing scam is labeled as a CEO scam because the scammers sent emails to
employees of the bank claiming to be the CEO and asking for an immediate wire
transfer. The scam was later caught after an internal audit was made. The
scammers were never caught, but Crelan Bank has introduced new security
measures to make sure an event of this caliber doesn’t happen again.
“https://blog.knowbe4.com/crelan-bank-loses-75.8-million-dollars-in-ceo-fraud”

• FACC
FACC is an Australian aerospace parts maker that was targeted and taken
advantage of in a phishing scam. The scammers were able to take around 54
million dollars in yet another CEO fraud scam. The attackers impersonated
the CEO of the company and sent emails to an entry-level accounting employee,
who then transferred the funds to an account for a fake project. This shows why
companies should make an effort to ensure all their employees are trained in
cybersecurity to avoid events like these. Unfortunately, the actual CEO of the
company was fired due to complaints that he didn’t do his best in
protecting the company from losing millions.
“https://www.pindrop.com/blog/ceo-of-austrian-firm-facc-fired-after-email-scam/”

5. Security Policy
Some security policies that are relevant to phishing scams are:
• Confidential Data: everyone wants to keep their personal data secret and
confidential, so it’s important that people are aware of phishing scams to keep
their data safe.
• Device Security: phishing scams also allow hackers and scammers access to your
device and everything that you have saved on it.
• Email Security: it’s important to know the ropes around email security in order
to prevent yourself from falling victim to a phishing scam.
• Transferring Data: if you’re ever sending any type of data through email or any
other service, make sure you are sending it to the correct person and
always double-check.
• Online Security: it’s always important to make sure you are browsing the web
safely and are aware of things that might be suspicious. Consider anti-virus
software.
If these policies aren’t taken seriously, catastrophic results may occur. As previously
shown with examples, phishing scams can lead to a wide range of results. Scammers
can take your personal data and use it against you, bank information can be stolen, you
might get malware or even ransomware, you might send information or even money to
the wrong people, or any of the countless other things scammers can and will do. It’s important
that everyone is made aware of all types of phishing scams to avoid failure.

In the context of CIA:
• Confidentiality is compromised because these scammers are able to take
any type of data you have that you want to keep secret. This data can
end companies or cost them fortunes.
• Integrity is compromised because the data that these scammers have
taken or can take is accessed without authorization, which corrupts the data.
• Availability: once these scammers are given the availability to take all your
data, they’re going to do it. Your data must be secured to only allow
authorized users.

6. Recommendations

Some recommendations I would give are to always be skeptical, never click a link from
something you don’t know, and always make sure you double-check. When receiving
any type of email, it’s important to make sure you know who it is coming from and
double-check that it’s actually who they say they are. I’ve received an email before
saying that my Mac had a recall and I had to pay for it to be fixed. I had AppleCare, so I
thought that would be covered, so I went into an Apple store and told them about the
email, and they told me it was a phishing scam. With that being said, I’m glad I didn’t
click any of their links to log into my Apple account or I would have been compromised.
Having anti-virus software on my computer has helped me personally many times as
well. I recommend everyone get some sort of anti-virus software on their computer to
help them detect potential scams or risky situations.

7. Conclusions

In conclusion, phishing scams are ways scammers take people’s information by
disguising themselves as a reliable source. Phishing scams have been with us since the
start of email and aren’t going anywhere soon. It’s important that everyone is
taught about internet safety and phishing scams in order to protect themselves or even
the company or organization they work for. People must remember that when they
receive any type of email or document, they should take great precaution
before they click a link or send something back. Failure to make sure that these
emails and documents are from who they say they are can result in data loss, malware,
ransomware, or the loss of anything else you provide to the scammers. It’s always
recommended to install anti-virus software from a reliable source to try to keep
yourself protected from malicious activity.

APA 7th Citations

Australian Competition and Consumer Commission. (2020, March 16). Phishing. Retrieved April 28,
2020, from https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing

Campagna, R., & Walker, J. (2017, June 20). The Future Of Phishing. Retrieved April 28, 2020, from
https://www.informationsecuritybuzz.com/articles/the-future-of-phishing/

CEO of FACC Fired After Firm Was Hit by Email Scam. (2017, September 8). Retrieved April 28,
2020, from https://www.pindrop.com/blog/ceo-of-austrian-firm-facc-fired-after-email-scam/

Fruhlinger, J. (2020, April 7). What is phishing? How this cyber attack works and how to prevent it.
Retrieved April 27, 2020, from
https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html

Jr., T. H. (2019, March 27). How this scammer used phishing emails to steal over $100 million from
Google and Facebook. Retrieved April 28, 2020, from
https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html

Sjouwerman, S. (n.d.). Crelan Bank Loses 75.8 Million Dollars In CEO Fraud. Retrieved April 28,
2020, from https://blog.knowbe4.com/crelan-bank-loses-75.8-million-dollars-in-ceo-fraud

Symanovich, S. (n.d.). Beware of these coronavirus scams. Retrieved April 28, 2020, from
https://us.norton.com/internetsecurity-online-scams-coronavirus-phishing-scams.html

What is a Phishing Email and How Do I. (n.d.). Retrieved April 28, 2020, from
https://www.webroot.com/us/en/resources/tips-articles/what-is-phishing
