“You just won $50 million. Please reply with your debit card digits and its expiry date in the next 30 minutes to receive your reward.”
“You just qualified for a lotto jackpot of $16 million. Please click this link to claim your prize.”
These sound familiar, right? Yes. Everyone who uses the internet must have gotten these kinds of emails at some point in their lives. As ridiculous as these messages may sound to you, they have been an effective tool for stealing people’s personal and financial information on the internet.
Welcome to the world of Phishing!
A phishing attack is a type of cybercrime that involves tricking people into revealing private information about themselves, which cybercriminals can then exploit to carry out fraudulent activities such as credit card theft, identity theft, and other forms of fraud. As simple as this may sound, it is one of the most successful means of cyber-fraud: Webroot reported that “nearly 1.5 million new phishing sites are created each month”. This technique is so successful because it takes advantage of the weakest link on the internet – humans. Phishing attacks easily bypass computer security measures because they focus on manipulating humans, their behaviours, and their reactions to information presented by the cyber-attacker through the victim’s device.
Although technology stakeholders are actively implementing measures to track, monitor and prevent phishing attacks on the internet, it is very important to focus more on raising users’ awareness about the evolving techniques and tricks used by these criminals. This would encourage internet users to actively tighten their internet behaviours to protect themselves from these attacks.
My research has also contributed to this cause by developing a persuasive game called Phisher Crush to promote awareness about phishing attacks. The game, which is modelled after popular match-up memory games such as Candy Crush and MatchUp, actively engages users through the gameplay and also educates them about identifying potential phishing links and emails that may lead to attacks by cybercriminals.
Sadly, as long as criminals still exist in our world, phishing will always exist on the internet, no matter how hard we try to eliminate it. An effective way of eliminating this threat is to enlighten internet users about these attacks. This will reduce the number of potential phishing victims, which may discourage cybercriminals from exploring this technique.
As I always say, “When there are no more ‘phishes’ in the sea, the phishers will stop phishing.”