Today, many power utilities’ process control systems are built on commodity information technology solutions that exchange data with the office environment in various ways. With the emergence of smart technologies, the development of commercial off-the-shelf software will undoubtedly increase. Unsurprisingly, cyber attackers’ interest in critical infrastructure is increasing at the same time. Consequently, the need to evaluate cyber security vulnerabilities in power utility infrastructure is greater than ever (Holm, 2013).
A typical method of conducting social engineering is by email, also called phishing. Phishing is a form of online identity theft that combines social engineering and technical deception to steal victims’ financial account credentials and personal identity information (Conteh, 2016). Successful phishing does not only result in the hacker acquiring login and password information, but also gives them complete access to computer systems through attacks that exploit software weaknesses (Ferolin, 2012).
In a typical phishing attack, the phisher creates a copy of a website that closely resembles the original, trusted one (Hong, 2012). The phisher then sends the user a fake e-mail, known as a scam. In the majority of cases, users are referred to the website directly through the link embedded in the scam. By clicking the embedded link, most unaware users land on the unwanted website, where they may enter information that gives access to the phisher. In this manner, the phisher acquires adequate data for their fraudulent aims. The phisher may use the user’s identity and information to withdraw from bank accounts or even to make requests of the victim’s relatives (Saberi, 2007).
According to McCombie (2010), phishing is a major problem around the world, resulting in more than $7.5 billion in losses between 2005 and 2008 in the US alone. Internet banks in Australia have been victims of phishing attacks since early 2003. Phishing remains an ongoing problem to this date, without decline (Martin, 2011).
In the study conducted by Garera (2007), it was stated that phishing attacks are increasing rapidly with each passing day. A total of 27,221 distinct phishing URLs were detected by the Anti-Phishing Work Group in January 2007. An anti-virus company named “Sophos” claimed that downloadable phishing kits exist. Anyone with internet access can now easily obtain these kits and start their own attacks. These kits are thought to contain all the web code and graphics required to create fake websites intended to look very similar to trusted online banking sites.
A study conducted by Birk (2007), which traced organized cybercrime, identified some preventive measures against phishing. Most of these rogue websites are replicas of real web sites; however, there is a slight difference in the domain name. Usually these fake web sites stay online until the owner of the real domain files a complaint. To give users a means of identifying fake job offerings, the study suggests blacklisting these web sites and emails.
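The two checks described in the paragraph above, a blacklist lookup and a comparison of domain names that differ only slightly from a real one, can be sketched as follows. This is an added example, not code from Birk (2007) or any other cited study; the trusted list, the blacklist, the `classify` function and its distance threshold are all assumptions, and every domain is a constructed sample under reserved names.

```python
from urllib.parse import urlsplit

# Constructed sample lists (assumptions), using reserved .example names only.
TRUSTED = {"mybank.example", "utility-portal.example"}
BLACKLIST = {"rnybank.example"}  # a previously reported fake site

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url: str, max_distance: int = 2) -> str:
    """Return 'blacklisted', 'trusted', 'lookalike', 'unknown' or 'invalid'."""
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and port, so a trusted name
        # placed before "@" cannot pass as the host.
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Simplification: treat the last two labels as the registered domain.
    # A production check would consult the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in BLACKLIST:
        return "blacklisted"
    if domain in TRUSTED:
        return "trusted"
    netloc = parts.netloc.lower()
    for good in TRUSTED:
        # Trusted name used as a decoy subdomain or userinfo string.
        if good in netloc:
            return "lookalike"
        # Domain differs from a trusted one by only a few characters.
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
    return "unknown"
```

A fixed edit-distance threshold produces false positives on short domain names, so a "lookalike" result is a reason to inspect the link, not proof of fraud.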
In the Philippines, a study conducted by Ong (2012) describes the threats to information systems faced by top companies in Metro Manila. Based on the results, out of 58 companies, 27 reported that the crime their computer systems experienced was unauthorized access to computer files, and 18 companies reported credit card scams.
Phishing has become a severe network security problem. Billions of dollars are lost by both consumers and companies. Phishing has perhaps also made e-commerce distrusted and unattractive to ordinary consumers (Chen, 2006).
Overall, phishing is real and risky. Everyone needs to be careful because it can happen to anybody. Getting scammed is very stressful and expensive. Thus, we need to watch out and always keep our senses open to anything that sounds even remotely unusual, because it may very well be phishers scanning for their next target. Phishing is a growing crime that everyone must be aware of. Although laws have been enacted, education is still the best safeguard against phishing. Suspicion toward all electronic correspondence and websites is recommended. Pay special attention to verification requests, urgency, and spelling and grammar errors. Likewise, get in the habit of comparing the given URL with an independent search for the organization’s website.