Phishing and Financial Manipulation

  • Byung Lee
  • Seung Yeop Paek
Living reference work entry

Abstract

The purpose of this chapter is to provide an overview of the literature concerning the prevalence manipulation. Specifically, the chapter reviews the following topics: (a) history and statistics associated with phishing, (b) definitions and types of phishing, (c) individual characteristics and social networks of phishers, and (d) theoretical and technical factors related to phishing victimization. The chapter concludes with suggestions for mitigating and preventing the threats of phishing.

Keywords

Phishing; Online fraud; Identity theft; Financial crimes on the internet

Copyright information

© The Author(s), under exclusive licence to Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Central Connecticut State University, New Britain, USA
  2. State University of New York at Oswego, Oswego, USA
