See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/370608906

A COMPREHENSIVE STUDY OF PHISHING ATTACKS AND THEIR

COUNTERMEASURES

Research · April 2023

DOI: 10.13140/RG.2.2.36686.13120

CITATIONS READS

0 315

2 authors, including:

Sandeepta kumar Gouda

KIIT University
1 PUBLICATION 0 CITATIONS

SEE PROFILE

All content following this page was uploaded by Sandeepta kumar Gouda on 09 May 2023.

The user has requested enhancement of the downloaded file.

© 2023 IJRAR April 2023, Volume 10, Issue 2 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)

A COMPREHENSIVE STUDY OF PHISHING

ATTACKS AND THEIR COUNTERMEASURES
Mr. Sandeepta Kumar Gouda School of Computer Applications
Kalinga Institute of Industrial Technology Patia, Bhubaneswar

organizations better understand the nature of these threats

Abstract : This research paper presents a comprehensive and how to protect against them [1].
study of phishing attacks and their countermeasures. Phishing
attacks are a major threat to individuals and organizations Fig: 1 Background of phishing attacks
worldwide, and understanding the various types of attacks,
the techniques used, and the impacts of these attacks
is critical in developing effective countermeasures. This B. Importance of Phishing Attacks
paper discusses the different types of phishing attacks, the
techniques used by attackers, and the impacts of successful Phishing attacks are a significant threat to individuals and
attacks on individuals and organizations. It also provides an
overview of technical and non-technical countermeasures
that can be used to prevent and mitigate the risks of phishing
attacks. Additionally, this paper includes case studies of recent
high-profile phishing attacks and explores emerging trends in
phishing attacks and potential future countermeasures. The
findings of this study provide practical recommendations for
organizations to improve their security posture and protect
against the threat of phishing attacks.

IndexTerms - Phishing Attacks,Cyber security,Social

Engineering,Malware-based Techniques,Anti-Phishing,Two-
Factor Authentication,Training and Awareness
Programs,Case Studies.

I. INTRODUCTION

A. Definition of Phishing Attacks organizations worldwide, and their importance cannot be

Phishing attacks are a form of cyber attack that involves
the use of fraudulent emails, text messages, or phone calls to
deceive individuals into divulging sensitive information,
such as passwords, social security numbers, or credit card
details. These attacks have become increasingly
sophisticated in recent years, making them a significant
threat to individuals and organizations worldwide. In
response, it is essential to develop a comprehensive
understanding of phishing attacks and their countermeasures
to effectively protect against these threats.
This research paper presents a detailed analysis of phishing
attacks, including the various types of attacks, the
techniques used by attackers, the impacts of successful
attacks, and the countermeasures that can be used to prevent
and mitigate the risks of these attacks. By providing a
comprehensive study of phishing attacks and their
countermeasures, this research aims to help individuals and
overstated. Phishing attacks have been responsible for
significant financial losses, data breaches, and reputational
damage to organizations. Moreover, phishing attacks can
lead to identity theft, ransomware infections, and other
cyber crimes. It is crucial to recognize that phishing attacks
are not limited to any specific industry or organization size.
Anyone with an email account or access to the internet can
fall victim to a phishing attack. Therefore, it is essential to
study and understand the nature of these attacks and the
techniques used by attackers to prevent and mitigate their
impact. This comprehensive study of phishing attacks and
their countermeasures will provide individuals and
organizations with the knowledge and tools necessary to
protect against these threats and ensure the safety of their
sensitive information.

IJRAR23B1376 International Journal of Research and Analytical Reviews (IJRAR) 78

© 2023 IJRAR April 2023, Volume 10, Issue 2
C. Purpose of the Research
The purpose of this research paper is to provide a
comprehensive study of phishing attacks and their
countermeasures. The paper aims to examine the various
types of phishing attacks, the techniques used by attackers,
and the impacts of successful attacks on individuals and
organizations. Additionally, this research paper will explore
the technical and non-technical countermeasures that can be
used to prevent and mitigate the risks of phishing attacks.
By providing a detailed analysis of phishing attacks and
their countermeasures, this research paper aims to equip
individuals and organizations with the knowledge and tools
necessary to protect against these threats. Additionally, this
research paper aims to contribute to the broader
conversation surrounding cybersecurity and the ongoing
battle against cybercrime.
The findings of this study will provide practical
recommendations for organizations to improve their security
posture and protect against the threat of phishing attacks.
II. TYPES OF PHISHING ATTACKS
A. Email Phishing Attacks
Email phishing attacks are a form of social engineering
that uses fraudulent emails to deceive individuals into
divulging sensitive information such as usernames,
passwords, or credit card information. These attacks often
involve spoofing legitimate emails from well-known
organizations, making them difficult to detect. Additionally,
attackers use a variety of techniques to persuade the
recipient to click on a malicious link or download malware,
such as using a sense of urgency, claiming to be from a
reputable source, or offering a reward.
The success of email phishing attacks can result in
significant financial losses and reputational damage to
organizations. To prevent and mitigate the risks of email
phishing attacks, technical and non-technical
countermeasures can be employed, such as email filtering,
multi-factor authentication, employee education, and
incident response planning [2].
By implementing these countermeasures, individuals and
organizations can significantly reduce the risks of falling
victim to email phishing attacks. Therefore, understanding
the various techniques used in email phishing attacks and
the countermeasures available to prevent and mitigate the
risks of these attacks is crucial for individuals and
organizations in today's digital age.
B. Spear Phishing
Spear phishing is a more sophisticated and targeted form
of phishing attack that involves sending fraudulent emails to
specific individuals or groups, often in organizations or
businesses. Spear phishing attacks are often personalized
and may include information about the recipient's job,
employer, or recent activities to make the email appear more
legitimate. Attackers use social engineering techniques to
persuade the recipient to click on a malicious link or
download malware, which can give the attacker access to
sensitive information or systems. Spear phishing attacks are
particularly challenging to detect as they are often designed
to bypass traditional email security systems. To prevent and
mitigate the risks of spear phishing attacks, technical and
non-technical countermeasures can be employed, such as
IJRAR23B1376 International Journal of Research and Analytical Reviews (IJRAR)
www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)
email filtering, employee education and training, and
incident response planning. Additionally, organizations can
implement multi-factor authentication and access controls to
limit the impact of a successful attack.
It is crucial for individuals and organizations to understand
the techniques used in spear phishing attacks and the
countermeasures available to prevent and mitigate the risks
of these attacks. By implementing effective
countermeasures, individuals and organizations can
significantly reduce the risk of falling victim to spear
phishing attacks [3].
C. HTTPS Phishing
HTTPS phishing, also known as SSL phishing or secure
phishing, is a type of phishing attack that takes advantage of
the trust users have in the HTTPS protocol. HTTPS is a
protocol used to provide secure communication over the
internet and is commonly used for secure online
transactions, such as online banking or shopping. Attackers
can create fraudulent websites that use HTTPS to trick users
into thinking the website is legitimate and secure, making
them more likely to enter sensitive information. This is
achieved by obtaining a valid SSL certificate or by using
free SSL certificates provided by various certificate
authorities. Once the user enters their sensitive information,
the attacker can use it for fraudulent activities, such as
identity theft or financial fraud.
To prevent and mitigate the risks of HTTPS phishing
attacks, users should be trained to verify the website's
legitimacy and look for visual indicators, such as a padlock
symbol or the website's URL, to ensure they are on the
correct website. Additionally, organizations can implement
web filtering and firewall rules to block access to fraudulent
websites. It is essential for individuals and organizations to
understand the risks associated with HTTPS phishing
attacks and the countermeasures available to prevent and
mitigate the risks of these attacks.
D. Pop-up Phishing
Pop-up phishing is a type of phishing attack that uses pop-
up windows to trick users into revealing sensitive
information. Pop-up phishing attacks typically start with a
legitimate-looking website or email that includes a link or
button that opens a pop-up window. The pop-up window
may ask the user to enter personal or financial information,
such as a credit card number or login credentials. The pop-
up window may also contain a message that claims the
user's computer is infected with a virus or malware and
encourages them to download a software update or anti-
virus program.
In reality, the software is malicious and infects the user's
computer with malware or spyware. Pop-up phishing attacks
are often difficult to detect as they may look like legitimate
pop-up windows from trusted sources. To prevent and
mitigate the risks of pop-up phishing attacks, users should
be trained to recognize phishing emails and websites and to
avoid clicking on links or buttons in pop-up windows.
Additionally, organizations can implement web filtering and
ad-blocking software to block pop-up windows and prevent
users from visiting fraudulent websites. It is crucial for
individuals and organizations to understand the risks
associated with pop-up phishing attacks and the
countermeasures available to prevent and mitigate the risks
of these attacks.
E. Evil Twin Phishing
26
© 2023 IJRAR April 2023, Volume 10, Issue 2
Evil twin phishing is a type of phishing attack that takes
advantage of public Wi-Fi networks. In an evil twin
phishing attack, an attacker creates a fake Wi-Fi access
point that appears to be a legitimate public Wi-Fi network,
such as a coffee shop or airport Wi-Fi. When users connect
to the fake network, the attacker can intercept their internet
traffic and steal sensitive information, such as login
credentials, credit card information, and personal data. Evil
twin phishing attacks are particularly effective as users often
connect to public Wi-Fi networks without verifying the
network's legitimacy [4].
To prevent and mitigate the risks of evil twin phishing
attacks, users should be trained to verify the network's
legitimacy before connecting to public Wi-Fi networks.
Additionally, organizations can implement security
protocols, such as VPNs, to encrypt internet traffic and
protect users from malicious attacks. It is essential for
individuals and organizations to understand the risks
associated with evil twin phishing attacks and the
countermeasures available to prevent and mitigate the risks
of these attacks.
F. Clone Phishing
Clone phishing is a type of phishing attack that involves
creating a nearly identical copy of a legitimate email or
webpage. In a clone phishing attack, the attacker copies an
email or webpage and makes a few changes, such as
replacing a link or attachment with a malicious one. The
attacker then sends the cloned email to the original
recipient, hoping to trick them into thinking it is a legitimate
email. Clone phishing attacks are often successful because
the cloned email or webpage looks legitimate and may come
from a trusted source.
To prevent and mitigate the risks of clone phishing attacks,
users should be trained to examine emails and webpages
carefully and to verify their authenticity before clicking on
links or downloading attachments. Additionally,
organizations can implement email security protocols, such
as DMARC, to detect and block clone phishing emails. It is
crucial for individuals and organizations to understand the
risks associated with clone phishing attacks and the
countermeasures available to prevent and mitigate the risks
of these attacks.
G. Man-in-the-Middle (MTM) Attacks
Man-in-the-Middle (MTM) attacks are a type of phishing
attack that occurs when an attacker intercepts
communications between two parties, such as a user and a
website. In an MTM attack, the attacker positions
themselves between the user and the website, intercepts and
reads the communication, and then relays it to the other
party. This allows the attacker to steal sensitive information,
such as login credentials and personal data, and even modify
the communication for their own purposes. MTM attacks
are particularly effective against unsecured websites and
unencrypted communications.
To prevent and mitigate the risks of MTM attacks, users
should be trained to use secure websites and communication
channels, such as those that use HTTPS and VPNs.
Additionally, organizations can implement network security
protocols, such as firewalls and intrusion detection systems,
to detect and block MTM attacks [5].
IJRAR23B1376 International Journal of Research and Analytical Reviews (IJRAR)
www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)
Fig: 2 Man-in-the-Middle Attacks
It is vital for individuals and organizations to understand the
risks associated with MTM attacks and the countermeasures
available to prevent and mitigate the risks of these attacks.
H. Website Spoofing
Website spoofing is a type of phishing attack that involves
creating a fake website that looks like a legitimate website
to trick users into providing their sensitive information. In a
website spoofing attack, the attacker creates a website that
looks almost identical to the original website and then sends
out emails or messages directing users to the fake website.
Once on the fake website, users may enter their login
credentials, personal information, and other sensitive data,
which is then stolen by the attacker. To prevent and mitigate
the risks of website spoofing attacks, users should be trained
to examine website URLs carefully, look for security
indicators such as HTTPS, and avoid clicking on suspicious
links.
Additionally, organizations can implement security
measures such as multi-factor authentication and web
filtering to detect and block website spoofing attacks. It is
important for individuals and organizations to understand
the risks associated with website spoofing attacks and the
countermeasures available to prevent and mitigate the risks
of these attacks.
I. Domain Spoofing
Domain spoofing is a type of phishing attack that involves
forging the sender's email address to appear as if it is
coming from a legitimate domain. In a domain spoofing
attack, the attacker crafts an email message that appears to
be from a legitimate source, such as a bank or a popular e-
commerce website, and then sends it to the victim. The
email may contain a call to action, such as clicking on a link
or downloading an attachment, which then leads the victim
to a fake website where their personal information is stolen.
To prevent and mitigate the risks of domain spoofing
attacks, organizations can implement email authentication
protocols, such as SPF, DKIM, and DMARC, to detect and
block spoofed emails. Additionally, users should be trained
to look for red flags, such as misspellings or suspicious
requests, and to verify the authenticity of the email by
contacting the sender through a trusted channel. It is crucial
for individuals and organizations to understand the risks
associated with domain spoofing attacks and to implement
the necessary countermeasures to protect against them [6].
27
© 2023 IJRAR April 2023, Volume 10, Issue 2
J. Image Phishing
Image phishing is a relatively new type of phishing attack
that involves the use of images to deceive users into
divulging their personal information. In an image phishing
attack, the attacker sends an email that contains an image
that appears to be legitimate and trustworthy. The image
may contain a link or a call to action that leads the victim to
a fake website where their personal information is then
stolen. Image phishing attacks can be difficult to detect
because the image may not trigger the usual warning signs
associated with phishing emails, such as misspellings or
suspicious requests.
To prevent image phishing attacks, individuals and
organizations should use security software that can detect
and block suspicious images. Additionally, users should be
trained to be cautious when clicking on links or
downloading attachments from unknown senders, even if
the image appears to be legitimate. By being aware of the
risks associated with image phishing attacks and
implementing the necessary countermeasures, individuals
and organizations can better protect themselves against this
increasingly common type of phishing attack.
III. TECHNIQUES USED IN PHISHING ATTACK
A. Social Engineering Techniques
Social engineering techniques are commonly used in
phishing attacks to manipulate victims into divulging
sensitive information. Phishers often use psychological
manipulation tactics to deceive individuals into revealing
their personal or financial information. Common social
engineering techniques used in phishing attacks include
pretexting, baiting, quid pro quo, and phishing via phone.
Pretexting involves the creation of a false narrative or
situation to gain the trust of the victim, while baiting
involves offering something of value in exchange for the
victim's information. Quid pro quo involves offering a
service or favor in exchange for the victim's information,
and phishing via phone involves using voice communication
to obtain the victim's information.
B. Malware-based Techniques
Malware-based techniques are widely used in phishing
attacks to gain access to sensitive information, such as
passwords and financial details. Malware is often delivered
to the victim's device through email attachments, malicious
links, or software downloads. Once installed, the malware
can capture keystrokes, take screenshots, and even record
audio and video. It can also steal files, send spam emails,
and create backdoors for hackers to access the victim's
device remotely. Common types of malware used in
phishing attacks include Trojan horses, spyware,
ransomware, and botnets.
These types of malware can be difficult to detect and can
cause significant damage to individuals and organizations.
To counteract these malware-based techniques, anti-virus
software, firewalls, and other security measures can be
implemented to prevent malware from infecting devices and
networks. Regular software updates and employee training
on safe internet practices can also help reduce the risk of
falling victim to malware-based phishing attacks.
IJRAR23B1376 International Journal of Research and Analytical Reviews (IJRAR)
www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)
C. URL Spoofing
URL spoofing is a technique used in phishing attacks to
create fake web pages that appear legitimate. Attackers use
various tricks, such as changing a single character in the
URL or using a similar-looking domain name to deceive
users into thinking they are accessing a legitimate website.
In URL spoofing attacks, attackers usually send phishing
emails containing a link to the fake website or use social
engineering tactics to convince the user to enter sensitive
information into the fake website.
This technique is highly effective as users often rely on the
appearance of the URL and assume that it is legitimate.
However, there are several countermeasures available to
detect and prevent URL spoofing attacks, such as using
browser extensions that verify the legitimacy of a website's
SSL certificate, using URL scanning services, and training
users to recognize phishing emails and websites. It is
essential for individuals and organizations to be aware of
the risks associated with URL spoofing attacks and take
appropriate measures to protect themselves from potential
threats.
D. Credential Harvesting Techniques
Credential harvesting is one of the most common
techniques used in phishing attacks, which involves stealing
sensitive login credentials from unsuspecting users.
Attackers often send phishing emails that impersonate
legitimate websites, asking users to enter their login
credentials. Once the users enter their credentials, the
attackers can use them to gain unauthorized access to their
accounts, steal their personal information, or launch further
attacks. Another credential harvesting technique used by
attackers is the use of keyloggers or screen scrapers, which
can capture every keystroke or screenshot entered by the
user, including sensitive login credentials.
Additionally, attackers may also use fake login pages or
forms that mimic the look and feel of legitimate websites to
trick users into entering their login credentials. It is essential
for users to be aware of these credential harvesting
techniques and take appropriate measures to protect their
sensitive information, such as enabling multi-factor
authentication and being cautious of suspicious emails or
websites.
E. Session Hijacking
Session hijacking is a technique used in phishing attacks
where an attacker takes control of a legitimate user's web
session to gain unauthorized access to sensitive information.
In a session hijacking attack, the attacker intercepts the
communication between the user and the server, and steals
the session ID or token. Once the attacker obtains the
session ID, they can use it to impersonate the user and
access their account [7].
This type of attack can be carried out in various ways, such
as through the use of packet sniffers, cross-site scripting
(XSS) attacks, or by exploiting vulnerabilities in the web
application. Session hijacking attacks can be particularly
dangerous because they can give the attacker access to
sensitive information such as usernames, passwords, and
personal data. To prevent session hijacking attacks,
techniques such as the use of secure cookies, enforcing
secure communication channels (HTTPS), and
implementing multi-factor authentication can be employed.
28
© 2023 IJRAR April 2023, Volume 10, Issue 2
IV. IMPACTS OF PHISHING ATTACKS
A . Financial Impacts
Phishing attacks can have significant financial impacts on
both individuals and organizations. For individuals,
phishing attacks can result in the loss of personal financial
information, such as credit card numbers and login
credentials, which can then be used to steal money from
bank accounts or make unauthorized purchases. In some
cases, victims may also be tricked into wiring money to
scammers, thinking they are making a legitimate payment.
For organizations, phishing attacks can lead to the loss of
sensitive financial data or the theft of funds from business
accounts. The costs associated with investigating and
remediating the attack, as well as potential legal fees or
regulatory fines, can also add up quickly. Additionally, a
successful phishing attack can damage an organization's
reputation and result in the loss of customers and revenue.
Overall, the financial impacts of phishing attacks can be
severe and long-lasting.
B. Reputational Impacts
Phishing attacks not only cause financial damages to
organizations but also have serious reputational impacts.
When an organization falls victim to a phishing attack, it
risks losing the trust of its customers, investors, and other
stakeholders. The breach of personal information, sensitive
data, or financial details of clients due to phishing attacks
can lead to negative publicity, tarnishing the image of the
organization. It can also result in a loss of business
opportunities as potential customers may switch to
competitors who have better security measures. In addition,
reputation damage can also impact the morale and
motivation of employees, leading to a decline in
productivity and performance. Therefore, it is crucial for
organizations to implement effective countermeasures to
prevent phishing attacks and safeguard their reputation.
C. Legal Impacts
Phishing attacks not only result in financial and
reputational damage, but they can also lead to legal
consequences for both individuals and organizations. The
use of deceptive practices to acquire sensitive information
or unauthorized access to systems can be deemed illegal and
subject to prosecution. Laws such as the Computer Fraud
and Abuse Act (CFAA) and the Electronic Communications
Privacy Act (ECPA) in the United States have been
established to prevent such cybercrimes and impose legal
consequences on perpetrators [8].
Fig: 3 Organisations hit by phishing
IJRAR23B1376 International Journal of Research and Analytical Reviews (IJRAR)
www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)
In addition, organizations that fail to adequately protect
their customers' data from phishing attacks may face
regulatory fines and lawsuits, leading to significant financial
losses. Therefore, it is essential for organizations to
implement effective security measures to prevent phishing
attacks and protect their customers' sensitive information.
V. COUNTERMEASURES AGAINST PHISHING ATTACKS
A. Technical Countermeasures
1 ) Anti-Phishing Software: Anti-phishing software is a
critical countermeasure against phishing attacks. It is
designed to identify and block phishing emails, websites,
and other fraudulent activities. The software uses a
combination of techniques such as signature-based
identification, machine learning algorithms, and URL
reputation checks to detect phishing attempts. When an
email or website is identified as a phishing attempt, the
software will alert the user and block access to the
fraudulent content [9].
Additionally, some anti-phishing software can also provide
real-time protection by monitoring user behavior and
detecting suspicious activity. This type of software is
continuously updated to keep up with the latest phishing
techniques and attack vectors. Anti-phishing software is an
essential component of any comprehensive security strategy
to protect against phishing attacks. However, it is important
to note that no software is 100\% effective, and user
awareness and education are also crucial to preventing
successful phishing attacks.
2 ) Email Authentication: Email authentication is an
effective countermeasure against phishing attacks. It
involves using various protocols to verify the authenticity of
emails and ensure that they have not been forged or
tampered with in any way. One such protocol is
DomainKeys Identified Mail (DKIM), which adds a digital
signature to outgoing emails that can be checked by the
recipient's email server. Another protocol is Sender Policy
Framework (SPF), which verifies that the sending server is
authorized to send emails on behalf of the domain. DMARC
(Domain-based Message Authentication, Reporting, and
Conformance) is a policy that uses both DKIM and SPF to
determine the validity of an email message.
These protocols can detect and prevent spoofed emails from
being delivered to recipients, reducing the risk of phishing
attacks. Additionally, user education and awareness can also
help in mitigating the impact of phishing attacks. Educating
users about the telltale signs of phishing emails, such as
suspicious URLs or requests for personal information, can
help users identify and avoid phishing emails. By
combining email authentication and user education,
organizations can significantly reduce the risk of phishing
attacks and protect their sensitive information.
3 ) Two-Factor Authentication: Two-factor authentication
(2FA) is a security measure used to counter phishing attacks
by providing an additional layer of protection to user
accounts. It requires the user to provide two forms of
identification, such as a password and a one-time code
generated by a mobile device, before granting access to the
account. This means that even if an attacker obtains the
user's password through a phishing attack, they would still
need the additional form of identification to access the
account. 2FA can greatly reduce the effectiveness of
29
© 2023 IJRAR April 2023, Volume 10, Issue 2
phishing attacks, as it makes it much more difficult for
attackers to gain unauthorized access to user accounts [10].
Many online services now offer 2FA as an optional security
feature, and some even require it for certain high-risk
activities, such as transferring large amounts of money or
accessing sensitive information. However, it is important to
note that 2FA is not foolproof and can also be vulnerable to
certain types of attacks, such as SIM swapping or social
engineering attacks aimed at convincing the user to provide
a second form of identification.
VI. NON-TECHNICAL COUNTERMEASURES
A. Training and Awareness Programs
Non-technical countermeasures such as training and
awareness programs play a crucial role in mitigating the risk
of phishing attacks. Many organizations have recognized the
importance of educating their employees about phishing and
its associated risks. These programs typically involve
regular training sessions and simulated phishing attacks to
test employees' awareness and response.
The training sessions aim to teach employees how to
identify phishing emails, avoid clicking on suspicious links,
and report any potential threats to the organization's security
team. By creating a culture of security awareness,
organizations can reduce the likelihood of employees falling
victim to phishing attacks. Moreover, these programs can
also be tailored to specific job roles, ensuring that
employees understand the risks that are relevant to their
work. However, these programs require ongoing investment
and support from management to ensure their effectiveness.
Therefore, organizations need to prioritize employee
training and awareness as a crucial component of their
overall cybersecurity strategy to effectively combat the
threat of phishing attacks.
B. Incident Response Plans
Incident response plans are an essential component of a
comprehensive cybersecurity strategy, including protection
against phishing attacks. These plans outline the actions an
organization should take in response to a security incident,
including a phishing attack. Incident response plans provide
a structured approach to responding to a security incident,
minimizing the risk of damage to the organization and its
systems.
The plan should include specific procedures for detecting
and responding to a phishing attack, such as isolating
affected systems, assessing the extent of the attack, and
notifying relevant stakeholders. Incident response plans also
help organizations to maintain continuity of operations by
ensuring that critical systems are available during and after
an incident. Regularly testing and updating incident
response plans is crucial to ensure that they remain effective
in response to evolving threats. By implementing an
incident response plan, organizations can mitigate the
impact of a phishing attack and reduce the risk of future
attacks.
IJRAR23B1376 International Journal of Research and Analytical Reviews (IJRAR)
www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)
VII. CASE STUDIES
A. Target Data Breach
In January 2021, one of the largest cyberattacks in US
history occurred, affecting over 30,000 US companies (and
60,000 worldwide) that used Microsoft Exchange email
servers. The hackers took advantage of four zero-day
vulnerabilities to gain unauthorized access to email accounts
from small businesses to local governments [11]. Exploiting
coding errors, they were able to control vulnerable systems
that only required two conditions: connection to the internet
and on-premises, locally managed systems.
Fig : 4 Phishing Attacks 2021-2022
With access to the email servers, the attackers requested
data access, deployed malware, used backdoors to gain
access to other systems, and took over the servers. Since the
requests appeared to come from the Exchange servers
themselves, many people assumed they were legitimate.
Microsoft eventually patched the vulnerabilities, but servers
that weren't updated could still be exploited by attackers.
Due to the systems not being on the cloud, Microsoft
couldn't immediately push a patch to fix the issues. In July
2021, the US administration and FBI accused China of
being behind the data breach, and Microsoft named
Hafnium, a Chinese state-sponsored hacker group, as the
responsible party.
B. Gmail Phishing Scam
In November 2014, Sony Pictures fell victim to a massive
cyberattack orchestrated by a hacking group known as
'Guardians of Peace.' According to Stuart McClure, the
CEO of cybersecurity firm Cylance, the attackers had been
preparing for months before the attack took place. They
targeted Sony executives with phishing emails that appeared
to be from Apple, prompting them to enter their login
credentials on a bogus website. With this information, the
hackers gained access to sensitive data, including private
correspondences, personal information of employees and
their families, and details of unreleased films [12].
To make matters worse, the attackers used a variant of the
Shamoon wiper malware to wipe Sony's computer systems.
This incident was just the beginning of the cybercriminals'
true motives. The attackers, later discovered to be a state-
sponsored North Korean group, demanded that Sony cancel
the release of their comedy movie, 'The Interview,' which
portrayed a plot to assassinate North Korean leader Kim
30
© 2023 IJRAR April 2023, Volume 10, Issue 2
Jong-un. They even threatened terrorist attacks on cinemas
that screened the film, resulting in many chains choosing
not to show it.
Due to the severity and unique nature of the attack, it is
difficult to estimate the exact cost of damages, but Jim
Lewis, a senior fellow at the Center for Strategic and
International Studies, estimated that Sony Pictures incurred
losses exceeding \$100 million.
VIII. CONCLUSION
A. Recap of Key Findings
In conclusion, this comprehensive study of phishing
attacks and their countermeasures has revealed several key
findings. Firstly, phishing attacks continue to be a major
threat to individuals and organizations alike, with attackers
using increasingly sophisticated techniques to trick their
victims. Secondly, the most effective countermeasures
against phishing attacks include a combination of
technology-based solutions such as anti-phishing software
and user education and awareness programs.
Thirdly, there is a need for greater collaboration between
industry, government, and academia in developing and
implementing effective countermeasures against phishing
attacks. Additionally, this study highlights the importance of
ongoing research and development in this area to stay ahead
of evolving phishing tactics. Overall, this research
emphasizes the need for a multifaceted approach to combat
phishing attacks, including both technological and human-
centered solutions, to mitigate the risks and protect against
potential damage caused by these attacks.
B. Implications for Practice and Research
The implications for practice and research in the area of
phishing attacks and their countermeasures are significant.
From a practical standpoint, organizations need to
implement multifaceted and continuous training programs
for employees to increase their awareness of phishing
attacks and how to detect and respond to them. Furthermore,
companies need to adopt technical solutions such as two-
factor authentication, secure email gateways, and anti-
phishing tools to provide an additional layer of defense
against these attacks.
Organizations should also perform regular vulnerability
assessments and penetration testing to identify and
remediate any security weaknesses in their systems that
could be exploited by phishers. From a research perspective,
there is a need for more studies that explore the psychology
behind why people fall for phishing attacks and how to
effectively mitigate these attacks. Additionally, researchers
need to continue to develop and evaluate new technical
solutions to prevent and detect phishing attacks. Overall, the
findings from this comprehensive study suggest that
combating phishing attacks requires a multifaceted and
collaborative approach that involves both technical and non-
technical countermeasures.
References
[1] A Study of Preventing Email (Spear) Phishing by
Enabling Human Intelligence. (2015, September
IJRAR23B1376
View publication stats
International Journal of Research and Analytical Reviews (IJRAR)
www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)
1). IEEE Conference Publication | IEEE Xplore.
https://ieeexplore.ieee.org/document/7379731
[2] A Study On Phishing Attacks. (n.d.).
https://www.legalserviceindia.com/legal/article-
9288-a-study-on-phishing-attacks.html
[3] A Survey of Man In The Middle Attacks. (2016,
January 1). IEEE Journals & Magazine | IEEE
Xplore.
https://ieeexplore.ieee.org/document/7442758
[4] Ahmad, D. R. M., Dubrawsky, I., Flynn, H.,
Grand, J., Graham, R. M., Johnson, N. R.,
Kaminsky, D. E., Lynch, F. W., Manzuik, S. W.,
Permeh, R., Pfeil, K., & Russell, R. P. (2002,
January 1). Session Hijacking.
https://doi.org/10.1016/b978-192899470-1/50014-
8
[5] Babu, P. R., & Bhaskari, D. L. (2010). A
Comprehensive Analysis of Spoofing.
International Journal of Advanced Computer
Science and Applications, 1(6).
https://doi.org/10.14569/ijacsa.2010.010623
[6] Detection of phishing attacks. (2018, March 1).
IEEE Conference Publication | IEEE Xplore.
https://ieeexplore.ieee.org/document/8355389
[7] Elkind, P. (2019, June 27). Sony Pictures: Inside
the Hack of the Century, Part 3. Fortune.
https://fortune.com/longform/sony-hack-final-part/
[8] Email Phishing, Vishing & Other Types of. (n.d.).
© Copyright 2004 - 2023 Webroot Inc. All Rights
Reserved.
https://www.webroot.com/in/en/resources/tips-
articles/what-is-phishing
[9] Phishing attacks: defending your organisation.
(n.d.). https://www.ncsc.gov.uk/guidance/phishing
[ 10 ] phishing attacks Latest Research Papers |
ScienceGate. (n.d.).
https://www.sciencegate.app/keyword/540229
[ 11 ] Security, P. (2023, February 14). What is an Evil
Twin Attack? - Panda Security Mediacenter. Panda
Security Mediacenter.
https://www.pandasecurity.com/en/mediacenter/sec
urity/what-is-an-evil-twin-attack/
[ 12 ] Timm, C., & Perez, R. (2010). Introduction.
Elsevier EBooks, xiii–xxi.
https://doi.org/10.1016/b978-1-59749-545-
5.00011-2
[ 13 ] What Is a Phishing Attack? Definition and Types.
(2023, March 22). Cisco.
https://www.cisco.com/c/en_in/products/security/e
mail-security/what-is-phishing.html
[ 14 ] Wikipedia contributors. (2022). 2021 Microsoft
Exchange Server data breach. Wikipedia.
https://en.wikipedia.org/wiki/2021_Microsoft_Exc
hange_Server_data_breach
31