ABSTRACT

Phishing, the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity via electronic communication, has quickly evolved beyond low-skill schemes that relied on casting “a wide net.” Spear phishing attacks target a particular high-value individual utilizing sophisticated techniques. This study aims to describe the current state of phishing, the expected technological advances and developments of the near future, and the best prevention and enforcement strategies. Data comes from interviews with approximately 60 information technology security professionals, “hackers,” and academic researchers. Routine Activity Theory provided an operational framework; while it is an imperfect fit for most crimes, it provides enough explanatory power for cyber-crimes. Interviewees mainly agreed: First, technological advances increase the proliferation of phishing attacks, but also aid in their detection. It has never been easier to conduct a simple attack, but a good attack requires more effort than ever before. Second, phishing is directly responsible financial fraud and, indirectly, as the primary attack vector for ransomware. Third, newer types of attacks utilizing technology, like deepfakes, will make the problem worse in the short-term. Fourth, prevention will come from machine learning and public education akin to WIFI security improvement via the combination of encryption and password awareness.

摘要

网络钓鱼是一种通过电子通信伪装成可信赖的实体来获取敏感信息的欺诈性尝试，其发展已迅速超越了依靠铸造“宽广网络”的低技能计划。鱼叉式网络钓鱼攻击利用复杂的技术针对特定的高价值个人。这项研究旨在描述网络钓鱼的现状，在不久的将来预期的技术进步和发展以及最佳的预防和执行策略。数据来自对大约60名信息技术安全专业人员，“黑客”和学术研究人员的采访。日常活动理论提供了一个运作框架；尽管它不适合大多数犯罪，但它为网络犯罪提供了足够的解释力。受访者主要同意：首先，技术进步增加了网络钓鱼攻击的扩散，但也有助于对其进行检测。进行简单的攻击从来没有像现在这样容易，但是好的攻击比以往任何时候都需要更多的努力。第二，网络钓鱼直接造成了金融欺诈，并间接成为勒索软件的主要攻击媒介。第三，在短期内，诸如Deepfake等利用技术的新型攻击将使问题更加严重。第四，预防将来自机器学习和公共教育，类似于通过加密和密码识别相结合来提高WIFI安全性。网络钓鱼是直接的财务欺诈行为，间接地是勒索软件的主要攻击媒介。第三，在短期内，诸如Deepfake等利用技术的新型攻击将使问题更加严重。第四，预防将来自机器学习和公共教育，类似于通过加密和密码识别相结合来提高WIFI安全性。网络钓鱼是直接的财务欺诈行为，间接地是勒索软件的主要攻击媒介。第三，在短期内，诸如Deepfake等利用技术的新型攻击将使问题更加严重。第四，预防将来自机器学习和公共教育，类似于通过加密和密码识别相结合来提高WIFI安全性。