Phishing Scams
Phishing is one of the different types of fraud that are committed online today. Fraud is
defined as the deliberate deception made by an individual for the sole aim of personal gains
(Abroshan et al., 2018, p. 190). It mainly involves the deception of people into giving
personal information for financial gains. This report discusses the issue of email
and phishing scams in the world today. It describes email scams that are commonly used to
steal personal information and gives statistics on phishing across industries today
(Khonji et al., 2013, p. 2091). People fall into the traps of hackers and give away their
information unknowingly. The paper discusses some of the traits that hackers look for
when trapping people online. The report aims to give some of the ways through which
individuals can avoid falling for phishing traps and the ways to stop the hackers. The target
audience is mainly young people who tend to be online and companies dealing with lots of
emails. Further, it is possible to use the available resources such as information in avoiding
phishing attacks. While the internet is becoming one of the significant ways through which
people communicate and share information, it is essential that they learn to avoid the risk of
Email is one way through which millions of companies and billions of people communicate
all over the world. Because of its widespread use, attackers have taken advantage of it and are always
launching attacks on vulnerable persons (Frauenstein & Flowerday, 2020, p. 2). Phishing is
one of the most common forms of cyber fraud and attacks that criminals online carry out.
Further, it is one of the easiest of them all: it provides the
scammers with everything they require to ransack the target's work and personal
accounts (Gupta et al., 2016, p. 3630). It is a cybercrime where the target is contacted via
email, text message, or telephone by someone who impersonates a legitimate institution to lure the
individual into providing sensitive information such as banking, personal identification
information, passwords, and credit card information (Lin et al., 2019, p. 1). Once this
identity theft and financial loss. Email phishing scams are one of the most common phishing
techniques used by hackers (Khonji et al., 2013, pp. 2091-2092). The attacker sends out
thousands of fraudulent messages and scams the ones who respond to the messages.
However, there are times when an attacker targets a specific individual or enterprise (Lin et
al., 2019, p. 2). This type of phishing is known as spear phishing. This type of phishing
There are many ways in which phishing has been used to achieve attacks online. Phishing has
also become one of the popular ways through which attackers deliver malware. This is
usually done through email, where the victims are encouraged to download software, visit a
link, or download a document. The link or download secretly installs the malware; such attacks
normally distribute ransomware, Trojan malware, or other kinds of disruptive
or damaging software (Khonji et al., 2013, p. 2091). The mechanics and aims of email
phishing scams vary. For instance, a victim may be tricked into clicking a link that takes them
to a fake website where the scammers persuade them to enter personal information (Moreno-
Fernández et al., 2017, p. 421). Statistics show that around 1.4 million phishing websites are
created in a single month (Plamer, 2017). Criminals tend to replace these websites to avoid
detection, allowing them to keep stealing the personal information of victims. Up to 90% of
all data breaches that occur in companies and personal accounts are as a result of phishing
According to Verizon's Data Breach Investigations Report of 2020, 22% of all breaches in
2019 resulted from phishing (Verizon, 2020, p. 7). The frequency of attacks is seen to vary
from one industry to another. However, 88% of all organizations around the world
experienced spear-phishing attempts last year. Nonetheless, there is quite a difference
between a successful attack and an attempt. In the United States, 65% of the organizations
experienced successful phishing attacks. Email appears to be the most widely used tactic, with
96% of all phishing attacks being delivered through email (Verizon, 2020, p. 25). Over the
last three years, the cost of a data breach has steadily increased, with the average being $3.92
million, according to IBM's Cost of Data Breach Report. This figure goes lower for smaller
organizations and higher for larger organizations. According to the report by Verizon (2020,
pp. 58-59) and Plamer (2017), the most targeted industries are healthcare and
Email phishing scams take place over the internet. While the internet has provided a wide
range of opportunities for companies and individuals to access various advantages, it has also
increased their vulnerabilities if they do not watch out (Sahingoz et al., 2019, p. 345). The
internet is quite big and can be profiled by attackers based on the characteristics of users. It
also does not offer any form of warning or protection to the user from any form of attack and
has left the duty of protection to the users and the companies they work for. Some of the
factors that contribute to email phishing scams include online habits, information processing,
All people have different ways of processing information on the internet. According to the
heuristic-systematic model, individuals tend to use heuristic and systematic models in the
processing of information (Griffin et al., 2016, p. 706). The former uses heuristic cues that
normally use limited cognitive resources in making judgments, while the latter involves the
Flowerday (2020, p. 8), on the internet, there is the risk of information overload, and
technology is seen to encourage individuals to process information heuristically, which tends
Online habits have been shown to influence the phishing susceptibility of individuals. Users
who are actively engaged in social media have been said to be more prone to phishing attacks
(Moreno-Fernández et al., 2017, p. 422). Further, the online frequency of individuals tends to
affect the way they process information. Normally, people overloaded with information tend
to fall victim to misleading socially engineered messages or information. Those used to being
online are prone to email phishing scams since they tend to thoughtlessly click on links
(Abroshan et al., 2018, p. 188). Further, individuals used to opening links with less
A number of the traits classified as the Big Five personality traits make individuals
highly likely to fall victim to phishing. Research shows that it is important to consider the
personality traits of a user as a vulnerability factor. Some of these traits that are linked to
Flowerday, 2020, pp. 5-6). Individuals who are talkative, optimistic, and sociable are more
likely to engage in more online and social activities. According to Lin et al. (2019, p. 5),
individuals with a high score of conscientiousness are more prone to phishing attacks since
Technology has increasingly advanced in terms of programming and related aspects. Today,
programming is seen to have taken a machine learning approach where the computer learns
the activities of the user. Attackers may use this approach to know the activities of the user
and suggest malicious links and software downloads which match the activity of the user
(Sahingoz et al., 2019, pp. 345-346). This makes it easy for the user to fall victim to email
phishing. There are a number of characteristics that are linked to the offenders. These traits
are mainly intended to draw their victims into proceeding with the phisher's desired
action (Abroshan et al., 2018, p. 194). Offenders tend to take advantage of people and use
the opportunities to their advantage. They can easily be defined by the activities they
undertake.
Most of the phishing activities involve business activities. The main goal is to make money
through the sale of the information stolen (Khonji et al., 2013, p. 2092). One common trait of
the offenders is that they are well versed in technology (Sahingoz et al., 2019, p.
345). Many of them use the latest technology to undertake their phishing activities. Some of
them are known to use sophisticated programs, develop programs, and also special gadgets to
copy and manufacture cards. The internet forms the backbone of all their activities. These
technologies aid in the perpetration of their scams. Another trait is that they have a legitimate
and professional aura, to make it easier for their victims to trust them (Gupta et al., 2016, p.
3636). In most cases, phishing offenders tend to impersonate people or companies to succeed
in obtaining personal information from individuals (Jakobsson, 2018, p. 6). Research shows
that most of the phishing offenders were successful when they presented themselves as
professionals with a legitimate appearance, which was what attracted them into the scam businesses.
Further, they are also seen to have good sales techniques. Phishing offenders tend to sell
ideas and concepts to people so well that they convince them to give their personal
information.
Quite often, offenders pretend to be particular individuals or companies. Most of the messages
sent by them look genuine, and the sites look like the real thing. This makes it hard for the
victims to tell the difference between the real one and the fake one (Sahingoz et al., 2019, p.
345). The offender usually sends thousands of emails to increase the sums of
money obtained from those who fall for them. To increase the probability that victims
respond, they create a sense of urgency in the email. Through such emails, the
scammers are capable of stealing personal information (Gupta et al., 2016, p. 3637). Further,
the hackers tend to embed links in the emails sent. These links lead to documents or
software that is mainly malware. The software attacks the computer and all other connected
systems and sends the information to the scammers. The malware most commonly used
in these phishing attacks is the Trojan (Gupta et al., 2016, p. 3637). For a hacker who is good at
profiling or knows someone and attacks them for the purpose of stealing personal information
Phishing has been seen to apply social engineering to steal information. From its definitions,
it is seen that it involves identity deception through impersonation (Jakobsson, 2018, p. 6).
With the advancement of technology, it has become common for many people to engage in
mobile banking. In 2019’s third quarter, the rate of phishing attacks rose to levels that have
not been witnessed in the past (Frauenstein & Flowerday, 2020, p. 1). The sophistication of
the phishing activities has greatly focused on deceiving people into giving out their banking
information. It is evident from Moreno-Fernández et al. (2017, p. 422), that personal traits
play a significant role in the determination of the possibility of an individual being attacked.
As mentioned, there are certain personality traits that increase the probability of an individual
falling victim to phishing attacks. The Big Five personality traits have been used in the
determination of the possibility of victims of phishing (Frauenstein & Flowerday, 2020, p. 6).
People who are open to experience are those who are more willing to try out new experiences
and have open-mindedness. They also have an active imagination and mainly focus on
intellectual pursuits. Such individuals have been shown to fall quite easily into phishing
traps. The attackers take advantage of their appreciation of nature, art, and different
beliefs to design messages that are attractive to them (Frauenstein & Flowerday, 2020, p. 6).
Extroverts are individuals who are social, talkative, energetic, assertive, dominant and
impulsive. Such victims are normally excited about new experiences and also prefer to work
with others. It is easy for them to open emails about promotions and new ideas and open links
since they want to find out new things. This makes it easy for attackers to trap them
(Abroshan et al., 2018, p. 194). Hackers are also seen to attack neurotic persons since they
tend to have emotional instability and are prone to negative emotions such as embarrassment,
guilt, and pessimism. When such individuals are threatened through the emails, it is easy for
them to be scammed into giving out their personal information (Frauenstein & Flowerday,
2020, p. 6). When threatened, they tend to be nervous and due to the association with low
Apart from personality traits, there are a number of other risk factors that expose people to
email phishing scams. Lack of expertise and knowledge about phishing and hacking on the
internet is seen to be one of the biggest risk factors (Khonji et al., 2013, p. 2093). While the
issue of phishing has been in existence for a while now, not all of the victims are well
informed about phishing. With the world moving to a technology-based life, phishing
offenders are continuing to be thorough in their activities using the latest technologies.
Victims who are not well versed in phishing scams online will always fall into the traps of
impersonated websites and companies (Abroshan et al., 2018, p. 194). Further, people who are
not well educated on how to avoid phishing scams are easily trapped too. It is therefore
necessary for individuals online to receive some training on how to avoid phishing scams.
In 2019, Australians reported 167,797 scams to the Australian Competition and Consumer
Commission (ACCC). This represents about a 34% increase from the previous years
(Barbaschow, 2020). The figure below shows the top scam losses as reported by Scamwatch
in Australia. There are a number of approaches used to combat the issue of email phishing
Figure 1. The top losses to scams in Australia as reported by Scamwatch (Barbaschow, 2020).
Phishing is an act that is considered illegal in most of the places around the world and still
remains to be the most attractive for hackers since the anonymity and speed of the internet
make it quite hard for them to be caught (Scamwatch, 2020). Any of the attempts of
addressing phishing in the country needs to state the reality of the problem. There are a
number of legislations in Australia that criminalize acts of phishing. Since phishing entails
the theft of identity Acts on identity theft and fraud (Barbaschow, 2020). However, the
relevant Commonwealth legislation, the Criminal Code Act 1995, which is concerned with any
form of fraudulent conduct, is unlikely to be applied since it is limited to the fraudulent acquisition
of information from the Commonwealth (Black, 2006, p. 83). Further, the Trade
Marks Act 1995 is also applicable in this section since the phishing emails essentially use
end such reply or open an embedded link, consumer awareness and education is one of the
most important ways through which this crime can be stopped (Black, 2006, p. 88). Internet
users need to be always aware of the phishing threat when accessing their emails. The
government agencies have created awareness by giving some of the signs to spot phishing
emails. These include unsuspected requests, mistakes, emails with a generic name and also
government, APWG, banks, and credit card companies have issued some advice on avoiding
email phishing, including practices such as not responding to emails asking for personal
information, calling the bank when one wants to update their financial information, using
antivirus software to regularly check for malware, and having an understanding of their rights
when it comes to online fraud. Also, Scamwatch is also giving companies and individuals
report and avoid phishing email scams online and is also giving user protection according to
(Scamwatch, 2020).
With the anonymity and complexity of the internet, it is evident that phishing will remain an
issue for a long time into the future, and organizations as well as individuals have come to
expect this (Jakobsson, 2018, p. 7). There are a number of ways that these crimes of fraud can
be stopped. There are basic guidelines and ideas that need to be followed to avoid any issues
of phishing on individuals.
One of the best approaches to reducing the rate of email phishing scams is keeping people
informed about phishing techniques, both new and old (Gupta et al., 2016, p. 3642).
Companies and the government need to keep people informed so that they avoid the dangers related to
phishing. Since phishing is a situation-based crime, one way of avoiding it is by hardening
the target. This means making it hard for the hacker to obtain the information of the victim.
Another approach is using an anti-phishing toolbar (Gupta et al., 2016, p. 3646). Since
hackers are always redefining their approaches, anti-phishing toolbars on the browser help to
track any potentially malicious site. In light of the target hardening tactic, constantly raising
public awareness of phishing makes it quite hard for people's information to be phished.
As mentioned above, phishing offenders also depend on the personality of the victims, so
anti-phishing training should also take into account the vulnerable groups and come
up with new ways to educate them (Lin et al., 2019, pp. 21-22). Further, one measure that sounds
obvious but is not always applied is the use of antivirus and other network protection
software. These programs keep updating their definitions of phishing techniques, which helps
protect individuals from any form of phishing attack. They also come with
firewall protection that blocks any malicious sites and requests that attempt to lure a user.
Nonetheless, email phishing scams will continue being a challenge and there is no one way that
will fully protect a user from attacks (Gupta et al., 2016, pp. 3644-3645). However, keeping
tabs on the latest techniques used by offenders will help one avoid the platforms used by
them.
Conclusion
Technology improvements in the last decade have resulted in increased online frauds, with
phishing scams taking precedence. Email phishing scams are the most common form of fraud,
characterized by tricking and trapping individuals mainly for financial gain. Understanding
these crimes, their forms, how to detect them, and how to prevent them is key. From this report, it
is apparent that user awareness is a key vulnerability factor, with different personality traits
victim to these scams. Knowing that offenders use tricks such as identity impersonation or
pose as organizations a victim would trust, preventing these attacks requires extreme
vigilance from online users. While curbing this fraudulent activity is difficult, initiatives
taken by regulatory bodies to educate individuals and provide an avenue for victims to report
phishing scam incidents will largely help victims. Practices such as user education, using
phishing detection toolbars, and both individuals and organizations taking extreme measures
when using their data online, are effective prevention strategies. Keenness and being extra
vigilant in using the Internet will go a long way in reducing the numbers of phishing scams.
References
Abroshan, H., Devos, J., Poels, G., & Laermans, E. (2018). Phishing attacks root causes.
4_13
https://www.zdnet.com/article/australians-reported-25000-phishing-scams-to-the-
accc-last-year/
Black, P. (2006). Phish to Fry: Responding to the Phishing Problem. Journal of law,
101862-101862. https://doi.org/10.1016/j.cose.2020.101862
Griffin, R. J., Neuwirth, K., Giese, J., & Dunwoody, S. (2016). Linking the Heuristic-
732. https://doi.org/10.1177/009365002237833
Gupta, B. B., Tewari, A., Jain, A. K., & Agrawal, D. P. (2016). Fighting against phishing
attacks: state of the art and future challenges. Neural computing & applications,
3723(18)30052-6
Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing Detection: A Literature Survey. IEEE
https://doi.org/10.1109/SURV.2013.032213.00009
Lin, T., Capecci, D., Ellis, D., Rocha, H., Dommaraju, S., Oliveira, D., & Ebner, N. (2019).
1-28. https://doi.org/10.1145/3336141
Moreno-Fernández, M. M., Blanco, F., Garaizar, P., & Matute, H. (2017). Fishing for
https://doi.org/10.1016/j.chb.2016.12.044
Plamer, D. (2017). 1.4 million phishing websites are created every month: Here's who the
websites-are-created-every-month-heres-who-the-scammers-are-pretending-to-be/
Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2019). Machine learning based phishing
https://doi.org/10.1016/j.eswa.2018.09.029
https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-
information/phishing
e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/2020-verizon-
data-breach-investigations-report.pdf