
Introduction

Phishing is one of the different types of fraud that are committed online today. Fraud is

defined as the deliberate deception made by an individual for the sole aim of personal gains

(Abroshan et al., 2018, p. 190). It mainly involves the deception of people into giving

personal information for financial gains. This report discusses the issue of email

and phishing scams in the world today. It describes email scams that are commonly used to

steal personal information and gives the various statistics on phishing in industries today

(Khonji et al., 2013, p. 2091). People are falling into the traps of hackers and giving their

information unknowingly. The paper discusses some of the various traits that hackers look for

when trapping people online. The report aims to give some of the ways through which

individuals can avoid falling for phishing traps and the ways to stop the hackers. The target

audience is mainly young people who tend to be online and companies dealing with lots of

emails. Further, it is possible to use the available resources such as information in avoiding

phishing attacks. While the internet is becoming one of the significant ways through which

people communicate and share information, it is essential that they learn to avoid the risk of

personal information being stolen.

Definition and Scale of the Crime

Email is one way through which millions of companies and billions of people communicate

all over the world. With its widespread use, attackers have taken advantage of it and are always

launching attacks on vulnerable persons (Frauenstein & Flowerday, 2020, p. 2). Phishing is

one of the most common forms of cyber fraud and attacks that criminals online carry out.

Further, it is one of the easiest of them all. It is one of the easiest ways through which the

scammers are provided with everything they require to ransack the target's work and personal

accounts (Gupta et al., 2016, p. 3630). It is a cybercrime where the target is contacted via

email, text message, or telephone by someone who impersonates a legitimate institution to lure the
individual into providing sensitive information such as banking, personal identification

information, passwords, and credit card information (Lin et al., 2019, p. 1). Once this

information is obtained, it is used to access individuals' accounts, which later results in

identity theft and financial loss. Email phishing scams are one of the most common phishing

techniques used by hackers (Khonji et al., 2013, pp. 2091-2092). The attacker sends out

thousands of fraudulent messages and scams the ones who respond to the messages.

However, there are times when an attacker targets a specific individual or enterprise (Lin et

al., 2019, p. 2). This type of phishing is known as spear phishing. This type of phishing

requires an in-depth understanding of the organization or individual.

There are many ways in which phishing has been used to achieve attacks online. Phishing has

also become one of the popular ways through which attackers deliver malware. This is

usually done through email where the victims are encouraged to download software, visit a

link, or download a document. This link or download secretly installs the malware in attacks

that are normally distributing ransomware, Trojan malware, or all other manners of disruptive

or damaging attacks (Khonji et al., 2013, p. 2091). The mechanics and aims for email

phishing scams vary. For instance, a victim may be tricked into clicking a link that takes them

to a fake website where the scammers persuade them to enter personal information (Moreno-

Fernández et al., 2017, p. 421). Statistics show that around 1.4 million phishing websites are

created in a single month (Plamer, 2017). Criminals tend to replace these websites to avoid

detection, allowing them to keep stealing the personal information of victims. Up to 90% of

all data breaches that occur in companies and personal accounts are as a result of phishing

attacks (Plamer, 2017).

According to Verizon's Data Breach Investigations Report of 2020, 22% of all breaches in

2019 resulted from phishing (Verizon, 2020, p. 7). The frequency of attacks is seen to vary

from one industry to another. However, 88% of all organizations around the world
experienced spear-phishing attempts last year. Nonetheless, there is quite a difference

between a successful attack and an attempt. In the United States, 65% of the organizations

experienced successful phishing attacks. Email appears to be the most widely used tactic, with

96% of all phishing attacks being delivered through email (Verizon, 2020, p. 25). Over the

last three years, the cost of a data breach has steadily increased, with the average being $3.92

million, according to IBM's Cost of Data Breach Report. This figure goes lower for smaller

organizations and higher for larger organizations. According to the report by Verizon (2020,

pp. 58-59) and Plamer (2017), the most targeted industries are healthcare and

pharmaceuticals, technology, business services, and manufacturing due to their detailed

access to personal information and financial statuses.

Context of the Crime Problem

Email phishing scams take place over the internet. While the internet has provided a wide

range of opportunities for companies and individuals to access various advantages, it has also

increased their vulnerabilities if they do not watch out (Sahingoz et al., 2019, p. 345). The

internet is quite big and can be profiled by attackers based on the characteristics of users. It

also does not offer any form of warning or protection to the user from any form of attack and

has left the duty of protection to the users and the companies they work for. Some of the

factors that contribute to email phishing scams include online habits, information processing,

and also the personality traits of individuals.

All people have different ways of processing information on the internet. According to the

heuristic-systematic model, individuals tend to use heuristic and systematic models in the

processing of information (Griffin et al., 2016, p. 706). The former uses heuristic cues that

normally use limited cognitive resources in making judgments, while the latter involves the

careful examination of information to reach a conclusion. According to Frauenstein and

Flowerday (2020, p. 8), on the internet, there is the risk of information overload, and
technology is seen to encourage individuals to process information heuristically, which tends

to increase their susceptibility to email phishing scams.

Online habits have been shown to influence the phishing susceptibility of individuals. Users

who are actively engaged in social media have been said to be more prone to phishing attacks

(Moreno-Fernández et al., 2017, p. 422). Further, the online frequency of individuals tends to

affect the way they process information. Normally, people overloaded with information tend

to fall victim to misleading socially engineered messages or information. Those used to being

online are prone to email phishing scams since they tend to thoughtlessly click on links

(Abroshan et al., 2018, p. 188). Further, individuals used to opening links with less

processing are also highly likely to fall victim to phishing.

A number of traits classified among the Big Five personality traits are associated with a

higher likelihood of falling victim to phishing. Research shows that it is important to consider the

personality traits of a user as a vulnerability factor. Some of these traits that are linked to

email-based phishing include openness, agreeableness, and extraversion (Frauenstein &

Flowerday, 2020, pp. 5-6). Individuals who are talkative, optimistic, and sociable are more

likely to engage in more online and social activities. According to Lin et al. (2019, p. 5),

individuals with a high score of conscientiousness are more prone to phishing attacks since

they can trust people online easily.

Technology has increasingly advanced in terms of programming and related aspects. Today,

programming is seen to have taken a machine learning approach where the computer learns

the activities of the user. Attackers may use this approach to know the activities of the user

and suggest malicious links and software downloads which match the activity of the user

(Sahingoz et al., 2019, pp. 345-346). This makes it easy for the user to fall victim to email

phishing since they have an interest in whatever is presented to them.

Common Offender Methodologies


There are a number of ways through which one can easily identify offenders of email

phishing. There are a number of characteristics that are linked to the offenders. These traits

are mainly intended to attract their victims into proceeding with the phisher’s desired

action (Abroshan et al., 2018, p. 194). These people tend to take advantage of people and use

the opportunities to their advantage. These people can easily be defined by the activities they

undertake.

Most of the phishing activities involve business activities. The main goal is to make money

through the sale of the information stolen (Khonji et al., 2013, p. 2092). One common trait of

the offenders is the fact that they are well versed with technology (Sahingoz et al., 2019, p.

345). Many of them use the latest technology to undertake their phishing activities. Some of

them are known to use sophisticated programs, develop programs, and also special gadgets to

copy and manufacture cards. The internet forms the backbone of all their activities. These

technologies aid in the perpetration of their scams. Another trait is that they have a legitimate

and professional aura, to make it easier for their victims to trust them (Gupta et al., 2016, p.

3636). In most cases, phishing offenders tend to impersonate people or companies to succeed

in obtaining personal information from individuals (Jakobsson, 2018, p. 6). Research shows

that most of the phishing offenders were successful when they presented themselves as

professionals with a legitimate appearance, which is what attracted them into the scam businesses.

Further, they are also seen to have good sales techniques. Phishing offenders tend to sell

ideas and concepts to people so well that they convince them to give their personal

information.

Quite often, offenders pretend to be particular individuals or companies. Most of the messages

sent by them look genuine, and the sites look like the real thing. This makes it hard for the

victims to tell the difference between the real one and the fake one (Sahingoz et al., 2019, p.

345). The offender usually sends thousands of emails to victims to increase the sums of
money obtained from those who fall for them. To increase the probability that victims

respond, they create a sense of urgency in the email. Through such emails, the

scammers are capable of stealing personal information (Gupta et al., 2016, p. 3637). Further,

the hackers tend to embed links in the emails sent. These links lead to documents or

software that is mainly malware. The software attacks the computer and all other connected

systems and sends the information to the scammers. The malware most commonly used

in these phishing attacks is the Trojan (Gupta et al., 2016, p. 3637). A hacker who is good at

profiling, or who knows someone and attacks them for the purpose of stealing personal information,

affects the growth of the company.

Risk Factors Associated with Victimization

Phishing has been seen to apply social engineering to steal information. From its definitions,

it is seen that it involves identity deception through impersonation (Jakobsson, 2018, p. 6).

With the advancement of technology, it has become common for many people to engage in

mobile banking. In 2019’s third quarter, the rate of phishing attacks rose to levels that have

not been witnessed in the past (Frauenstein & Flowerday, 2020, p. 1). The sophistication of

the phishing activities has greatly focused on deceiving people into giving out their banking

information. It is evident from Moreno-Fernández et al. (2017, p. 422), that personal traits

play a significant role in the determination of the possibility of an individual being attacked.

As mentioned, there are certain personality traits that increase the probability of an individual

falling victim to phishing attacks. The Big Five personality traits have been used in the

determination of the possibility of victims of phishing (Frauenstein & Flowerday, 2020, p. 6).

People who are open to experience are those who are more willing to try out new experiences

and have open-mindedness. They also have an active imagination and mainly focus on

intellectual pursuits. Such individuals have been shown to fall quite easily into phishing

attack traps. The attackers take advantage of their appreciation of nature, art, and different
beliefs to design attractive messages to them (Frauenstein & Flowerday, 2020, p. 6).

Extroverts are individuals who are social, talkative, energetic, assertive, dominant and

impulsive. Such victims are normally excited about new experiences and also prefer to work

with others. It is easy for them to open emails about promotions and new ideas and open links

since they want to find out new things. This makes it easy for attackers to trap them

(Abroshan et al., 2018, p. 194). Hackers are also seen to attack neurotic persons since they

tend to have emotional instability and are prone to negative emotions such as embarrassment,

guilt, and pessimism. When such individuals are threatened through the emails, it is easy for

them to be scammed into giving out their personal information (Frauenstein & Flowerday,

2020, p. 6). When threatened, they tend to be nervous and due to the association with low

self-esteem they are quite easy to trap online.

Apart from personality traits, there are a number of other risk factors that expose people to

email phishing scams. Lack of expertise and knowledge about phishing and hacking on the

internet is seen to be one of the biggest risk factors (Khonji et al., 2013, p. 2093). While the

issue of phishing has been in existence for a while now, not all of the victims are well

informed about phishing. With the world moving to a technology-based life, phishing

offenders are continuing to be thorough in their activities using the latest technologies.

Victims who are not well versed with phishing scams online will always fall into the traps of

impersonated websites and companies (Abroshan et al., 2018, p. 194). Further, people who are

not well educated on how to avoid phishing scams are easily trapped too. It is therefore

necessary for individuals online to receive some training on how to avoid phishing scams.

Law Enforcement and Regulatory Responses

In 2019, Australians reported 167,797 scams to the Australian Competition and Consumer

Commission (ACCC). This represents an increase of about 34% from the previous years

(Barbaschow, 2020). The figure below shows the top scam losses as reported by Scamwatch
in Australia. There are a number of approaches used to combat the issue of email phishing

scams in Australia.

Figure 1. The top losses to scams in Australia as reported by Scamwatch (Barbaschow, 2020).

Phishing is an act that is considered illegal in most of the places around the world and still

remains to be the most attractive for hackers since the anonymity and speed of the internet

make it quite hard for them to be caught (Scamwatch, 2020). Any of the attempts of

addressing phishing in the country needs to state the reality of the problem. There are a

number of legislations in Australia that criminalize acts of phishing. Since phishing entails

the theft of identity Acts on identity theft and fraud (Barbaschow, 2020). However, the

relevant Commonwealth legislation, the Criminal Code Act 1995, which is concerned with any

form of fraudulent conduct, is unlikely to be applied since it is limited to the acquisition

of information fraudulently from the Commonwealth (Black, 2006, p. 83). Further, the Trade

Marks Act 1995 is also applicable in this section since the phishing emails essentially use

registered trademarks (Black, 2006, p. 84).


Considering the fact that a successful phishing attack requires a response from the victim’s

end, such as replying or opening an embedded link, consumer awareness and education is one of the

most important ways through which this crime can be stopped (Black, 2006, p. 88). Internet

users need to be always aware of the phishing threat when accessing their emails. The

government agencies have created awareness by giving some of the signs to spot phishing

emails. These include unexpected requests, mistakes, emails with a generic name, and also

alarmist warnings. According to Black (2006, p. 89), FraudWatch International, the

government, APWG, banks, and credit card companies have issued some advice on avoiding

email phishing, including practices such as not responding to emails asking for personal

information, calling the bank when one wants to update their financial information, using

antivirus software to regularly check for malware, and having an understanding of their rights

when it comes to online fraud. Scamwatch is also giving companies and individuals ways to

report and avoid phishing email scams online and is giving user protection

(Scamwatch, 2020).
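
The warning signs listed above (requests for personal information, generic names, alarmist warnings) can be checked mechanically, as in the following Python sketch. It is an added example, not part of the original report: the keyword lists, the function names, and both sample messages are constructed for illustration, spelling mistakes are not checked, and the link-versus-sender domain comparison goes beyond the report's list of signs.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed keyword lists (assumptions for this example, not from the report).
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear sir/madam")
ALARMIST_PHRASES = ("urgent", "immediately", "within 24 hours",
                    "account will be suspended", "unauthorized access", "final warning")
PERSONAL_INFO_TERMS = ("password", "pin", "credit card", "card number",
                       "bank account", "date of birth")
REQUEST_VERBS = ("confirm", "verify", "update", "provide", "enter", "send")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def _find(terms, text):
    """Return the terms that occur in text as whole words or phrases."""
    return [t for t in terms if re.search(r"\b" + re.escape(t) + r"\b", text)]


def _registered_domain(host):
    """Crude last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phishing_signs(raw_message):
    """Map each warning sign to the evidence found for it in one raw email."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = " ".join(f"{msg['Subject'] or ''} {body}".split())
    lower = text.lower()

    # A request for personal data: a request verb and a data term in one sentence.
    requested = []
    for sentence in re.split(r"(?<=[.!?])\s+", lower):
        if _find(REQUEST_VERBS, sentence):
            requested += _find(PERSONAL_INFO_TERMS, sentence)

    # Links whose domain differs from the domain in the From header.
    sender = _registered_domain(parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2])
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(text)}
    mismatched = sorted(h for h in hosts if h and _registered_domain(h) != sender)

    return {
        "generic_greeting": _find(GENERIC_GREETINGS, lower),
        "alarmist_warning": _find(ALARMIST_PHRASES, lower),
        "personal_info_request": requested,
        "link_domain_mismatch": mismatched,
    }


def triage(raw_message):
    """Names of the signs that fired, sorted, for a quick look at one message."""
    return sorted(k for k, v in phishing_signs(raw_message).items() if v)


# Constructed sample messages (not real emails).
PHISHING_SAMPLE = """\
From: "Example Bank Security" <alerts@example-bank.test>
To: user@example.org
Subject: URGENT: account will be suspended

Dear Customer,

We detected unauthorized access to your account. Please verify your password
and credit card number within 24 hours at http://example-bank.login-check.test/verify
or your account will be suspended.
"""

BENIGN_SAMPLE = """\
From: Alice <alice@example.org>
To: bob@example.org
Subject: Lunch on Friday

Hi Bob,

Are you free for lunch on Friday? The menu is at https://www.example.org/cafe
"""

if __name__ == "__main__":
    print(triage(PHISHING_SAMPLE))
    print(triage(BENIGN_SAMPLE))
```

A message that trips several signs at once deserves a closer look; a single sign on its own, especially a link to a third-party domain, is common in legitimate mail.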

Promising Crime Prevention Approaches

With the anonymity and complexity of the internet, it is evident that phishing will remain an

issue for a long time into the future, and organizations as well as individuals have come to

expect this (Jakobsson, 2018, p. 7). There are a number of ways that these crimes of fraud can

be stopped. There are basic guidelines and ideas that need to be followed to avoid any issues

of phishing on individuals.

One of the best approaches to reduce the rate of email phishing scams is keeping people

informed about the techniques in phishing, both new and old (Gupta et al., 2016, p. 3642).

Companies and the government need to keep people informed to avoid the dangers related to

phishing. Since phishing is a situational based crime, one way of avoiding it is by hardening

the target. This means making it hard for the hacker to obtain the information of the victim.
Another approach is using an anti-phishing toolbar (Gupta et al., 2016, p. 3646). Since

hackers are always redefining their approaches, anti-phishing toolbars on the browser can be used to

track any potentially malicious site. In light of the target hardening tactic, constantly creating

awareness on phishing to the public makes it quite hard for their information to be phished.

As mentioned above, phishing offenders also depend on the personality of the victims and

tend to take advantage of their vulnerabilities. As a result, organizations and individuals

offering anti-phishing training should also take into account the vulnerable crowds and come

up with new ways to educate them (Lin et al., 2019, pp. 21-22). Further, one approach that sounds

obvious but is not always followed is the use of antivirus and other network protection

software. Such software keeps updating its definitions of phishing techniques, which helps

protect individuals from any form of phishing attacks. These programs also come with

firewall protection that blocks any malicious sites and requests that attempt to lure a user.

Nonetheless, email phishing scams will continue being a challenge and there is no one way that

will fully protect a user from attacks (Gupta et al., 2016, pp. 3644-3645). However, keeping

tabs on the latest techniques used by offenders will help one avoid the platforms used by

them.

Conclusion

Technology improvements in the last decade have resulted in increased online frauds, with

phishing scams taking precedence. Email phishing scams are the most common form of fraud,

characterized by tricking and trapping individuals mainly for financial gain. Understanding

these crimes, their forms, how to detect them, and prevention is key. From this report, it

is apparent that user awareness is a key vulnerability factor, with different personality traits

such as extraversion, openness, and conscientiousness, increasing users' likelihood to fall

victim to these scams. Knowing that offenders use tricks such as identity impersonation or

pose as organizations a victim would trust, preventing these attacks requires extreme
vigilance from online users. While curbing this fraudulent activity is difficult, initiatives

taken by regulatory bodies to educate individuals and provide an avenue for victims to report

phishing scam incidences will largely help victims. Practices such as user education, using

phishing detection toolbars, and both individuals and organizations taking extreme measures

when using their data online, are effective prevention strategies. Keenness and being extra

vigilant in using the Internet will go a long way in reducing the numbers of phishing scams.
References

Abroshan, H., Devos, J., Poels, G., & Laermans, E. (2018). Phishing attacks root causes. 10694(Conference Proceedings), 187-202. https://doi.org/10.1007/978-3-319-76687-4_13

Barbaschow, A. (2020). Australians reported 25,000 phishing scams last year. https://www.zdnet.com/article/australians-reported-25000-phishing-scams-to-the-accc-last-year/

Black, P. (2006). Phish to Fry: Responding to the Phishing Problem. Journal of law,

information and science, 16, 73-91.

Frauenstein, E. D., & Flowerday, S. (2020). Susceptibility to phishing on social network

sites: A personality information processing model. Computers & security, 94,

101862-101862. https://doi.org/10.1016/j.cose.2020.101862
Griffin, R. J., Neuwirth, K., Giese, J., & Dunwoody, S. (2016). Linking the Heuristic-

Systematic Model and Depth of Processing. Communication research, 29(6), 705-

732. https://doi.org/10.1177/009365002237833

Gupta, B. B., Tewari, A., Jain, A. K., & Agrawal, D. P. (2016). Fighting against phishing

attacks: state of the art and future challenges. Neural computing & applications,

28(12), 3629-3654. https://doi.org/10.1007/s00521-016-2275-y

Jakobsson, M. (2018). Two-factor inauthentication – the rise in SMS phishing attacks. Computer fraud & security, 2018(6), 6-8. https://doi.org/10.1016/S1361-3723(18)30052-6

Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing Detection: A Literature Survey. IEEE

Communications Surveys & Tutorials, 15(4), 2091-2121.

https://doi.org/10.1109/SURV.2013.032213.00009

Lin, T., Capecci, D., Ellis, D., Rocha, H., Dommaraju, S., Oliveira, D., & Ebner, N. (2019).

Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and

Email Content. ACM Transactions on Computer-Human Interaction (TOCHI), 26(5),

1-28. https://doi.org/10.1145/3336141

Moreno-Fernández, M. M., Blanco, F., Garaizar, P., & Matute, H. (2017). Fishing for

phishers. Improving Internet users' sensitivity to visual deception cues to prevent

electronic fraud. Computers in human behavior, 69, 421-436.

https://doi.org/10.1016/j.chb.2016.12.044

Plamer, D. (2017). 1.4 million phishing websites are created every month: Here's who the scammers are pretending to be. https://www.zdnet.com/article/1-4-million-phishing-websites-are-created-every-month-heres-who-the-scammers-are-pretending-to-be/
Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2019). Machine learning based phishing

detection from URLs. Expert systems with applications, 117, 345-357.

https://doi.org/10.1016/j.eswa.2018.09.029

Scamwatch. (2020, August 2020). Phishing. https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing

Verizon. (2020). Data Breach Investigations Report. https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/2020-verizon-data-breach-investigations-report.pdf
