TECHSPIRITED (2021) Importance of Computer Ethics.[Online] TECHSPIRITED. Available from: Importance of Computer Ethics - Tech Spirited  [Accessed 30/04/2021].

 ROHAN, A(2020) THE IMPORTANCE OF COMPUTER ETHICS.[Online] USUPDATES. Available from:  THE IMPORTANCE OF COMPUTER ETHICS. (usupdates.com) [Accessed 30/04/2021].

 Goldsborough, R. (2000) Computers and ethics. Medford: Information Today, Inc.

GOVUK(2020) Avoid and report internet scams and phishing.[Online] GOVUK. Available from: Avoid and report internet scams and phishing - GOV.UK (www.gov.uk)[Accessed 30/04/2021].

 In conclusion, Social media attacks usually are not discussed as original attack. Therefore, the lack of awareness will probably cause reinforcement in social media attacks. Hence, identify the motives of phishing could decrease the probability of phishing, as well as avoid the causative factors which are encouraging fraudsters concentrating on your accounts. Ideally, ‘if users were motivated to systematically process the information they receive, checking it for validity, there would presumably be less victims of phishing’ (Flowerday, V and Frauenstein, D,2016).

References:

 FRAUENSTEIN, D and FLOWERDAY, V (2016) "Social network phishing: Becoming habituated to clicks and ignorant to threats?" 2016 Information Security for South Africa (ISSA), 2016, pp. 98-105, doi: 10.1109/ISSA.2016.7802935.

   The majority of users share a massive number of personal information, thinking that it is reliable and preserves privacy. In fact, it is noticed that a significant spread of violation of privacy and theft of personal data. Additionally, phishing attacks on social media occur to certain individuals than others. Indeed, some factors make you more susceptible to phishing attacks (Parker, J and Flowerday, V,2020). Besides, online habit is considering an essential factor, energetic individuals on social media are more expected to expose to phishing attacks than those who are inactive on social media platforms (Parker, J and Flowerday, V,2020 cited in Vishwanath,2015). Demographic factors such as sexes and age group have also been found as one of affecting phishing susceptibility. Hence, the ages between 18 to 25 are more likely to be attacked (Parker, J and Flowerday, V,2020).

The criminals have several aims to phishing, such as stealing identities and qualifications (Deliri and Albanese, 2015). Furthermore, fraudsters probably concentrate on financial aims. For instance, they might steal the victim's bank details or they could open a bank account in your name if he has sufficient data (Wilson, 2019). Moreover, phishing in social media comes in several ways, such as fake customer service accounts, fake comments on popular posts, fake online discounts and fake trending videos. Therefore, some components could assist you to protect your accounts from any risk of your privacy. First, if you have a follow request from an anonymous, refuse it immediately (Strawbridge,2019). Second, consistently check and change your security settings to confine what individuals can and cannot see on your profile (Strawbridge,2019). Third, do not click on links that demanding your personal data. Fourth, choose a complicated and unique username and password to make it impossible to guess your details. Fifth, use an antivirus to protect your device from malware, numerous great antivirus programs caution you at whatever point you download an obscure connection or attempt to get to a dubious site.(Lockwood,2019).

References:

PARKER, J. and FLOWERDAY, V (2020 Contributing factors to increased susceptibility to social media phishing attacks. South African Journal of Information Management. [Online] 22 (1). Available from: https://search-proquest-com.proxy.library.dmu.ac.uk/docview/2414201019/fulltext/DE3FF98FC4C747A1PQ/1?accountid=10472 [Accessed 30/04/2021].

ALBANESE, M and DELIRI, S. (2015) security and privacy issues in social networks Data Management in Pervasive Systems. Springer Cham, Heidelberg, New York, pp. 195-209.

EDITOR (2016) 5 simple ways you can protect yourself from phishing attacks. [Online] WELIVESECURITY. Available from: 5 simple ways you can protect yourself from phishing attacks | WeLiveSecurity [Accessed 26/04/2021].

VINSONHALER, M(2018) Preventing Social Media Phishing. [Weblog] DLVR.IT. 14th February. Available from: Preventing Social Media Phishing [INFOGRAPHIC] - (dlvrit.com)[Accessed 26/04/2021].

STRAWBRIDGE, G (2019) How To Protect Yourself From Social Media Phishing. [Online] METACOMPLIANCE . Available from: How To Protect Yourself From Social Media Phishing | MetaCompliance [Accessed 26/04/2021].

INSPIERDELEARNING (2017) Social Media Phishing: A Primer. [Weblog] INSPIERDELEARNING. 19th October. Available from: Social Media Phishing: A Primer | Inspired eLearning Blog[Accessed 26/04/2021].

SEYMOUR, J and TULLY, P (2016). Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter. [Online]. Available from: us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter-wp.pdf (blackhat.com)

CASTLE, A (2018) Just Keep Swimming: How to Avoid Phishing on Social Media. [Weblog] WEBROOT. 22nd January. Available from: Avoiding Phishing on Social Media | Webroot [Accessed 26/04/2021].

      The term of phishing concept was going back as far as the early 1990s through America Online (AOL).  A group of hackers called themselves as warez community and impersonated AOL employees(Phishing,2017). The first method in which phishers carried attacks was done by using algorithms to constitute random credit card numbers to steal users’ passwords(Phishing,2017). However, it was put a stop to that types of those illegal activities by AOL in 1995 via innovative security measures in order to prevent the random illegal usage of credit card numbers( PHISHPROTECTION,2019). Nevertheless, at the present time, there is been divergences in phishing methods as the fraudulent are migrating to social media. According to Parker’s and Flowerday’s 2020 study (cited in ProofPoint,2018) demonstrates that there is a noticeable rise in phishing attempts in social media by 30% from the first quarter of 2018. The research project that I am carrying out this semester is going to determine the factors that lead to increase in the likelihood of being attacked by phishing on social media in particular, besides educating social media users about the riskiness of phishing attacks including criminals' purposes, as well as some techniques to protect users' accounts and maintain privacy. 

References:

PARKER, J. and FLOWERDAY, V (2020 Contributing factors to increased susceptibility to social media phishing attacks. South African Journal of Information Management. [Online] 22 (1). Available from: https://search-proquest-com.proxy.library.dmu.ac.uk/docview/2414201019/fulltext/DE3FF98FC4C747A1PQ/1?accountid=10472 [Accessed 30/04/2021].

 PHISHING (2017) History of Phishing. [Online] PHISHING. Available from: Phishing | History of Phishing [Accessed 30/04/2021].

 PHISHPROTECTION (2019) History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks. [Online]  PHISHPROTECTION. Available from: History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks | PhishProtection.com [Accessed 30/04/2021].

What is Malware?

The term malware defines as a ruin in devices and steals information caused by software, commonly creates by hackers who aim to steal money. However, there are several purposes to usage malware. For example, an instrument to remonstrance or a method of war between countries (avg,2019). 

What are the types of Malware?

There are several kinds of malware depending on its purposes. A simple classification of malware consists of file infectors and stand-alone malware. Another way of classifying malware is based on into their particular action: virus, worms, backdoor, trojans,. computer virus detection has evolved into malicious program detection since Cohen first formalizes the term computer virus in 1983 (Nandal,2017). However, the number of new malware specimen is significantly increasing as displayed in the below image.

How does it work? 

Regardless of the kind, all malware follows a similar fundamental example: The client accidentally downloads or introduces the malware, which contaminates the gadget (aavast, 2019).

Most malware diseases happen when you coincidentally play out an activity that causes the malware to be downloaded. This activity may be clicking a connection in an email or visiting a noxious site. In different cases, programmers spread malware through distributed record sharing administrations and free programming download packs. Installing a touch of malware in a well-known downpour or download is a compelling method to spread it across a wide client base. Cell phones can likewise be contaminated through instant messages (aavast, 2019).

Another method is to stack malware into the firmware of a USB stick or flash drive. Since the malware is stacked onto the device's inner hardware (instead of its record stockpiling), your device is probably not going to distinguish the malware. This is the reason you ought to never embed a new USB  into your PC (aavast, 2019).

How would I ensure the safety of my network against malware?

Regularly, organizations concentrate on protection instruments to stop breaks. By securing the border, organizations expect they are protected. Some high-level malware, be that as it may, will in the end advance into your network.   Thus, it is critical to send innovations that consistently screen and distinguish malware that has sidestepped edge protections. Adequate progressed malware insurance requires numerous layers of shields alongside significant level network perceivability and insight (CISCO, 2020).

References: 

FOLAMI, D (2020) Facing malware or virus issues on your Windows 10 PC? Here’s what to do. [Online image] Available from: Facing malware or virus issues on your Windows 10 PC? Here's what to do (jbklutse.com) [Accessed 24/04/2021].

 REGAN, J (2019) What Is Malware? How Malware Works & How to Prevent It. [Online] AVG. Available from: What is Malware? How Malware Works & How to Prevent It | AVG [Accessed 24/04/2021].

 BELCIC, I (2019) What Is Malware?. [Online] AVAST. Available from: What is Malware & What Does it Do? | Malware Definition | Avast [Accessed 24/04/2021].

 CISCO(2018) What Is Malware?. [Online] CISCO. Available from: What is Malware? - Definition and Examples - Cisco [Accessed 24/04/2021].

Nandal, P (2017) Malware Detection, Diplomica Verlag, Hamburg. [Online]  Available from: ProQuest Ebook Central - Detail page. [Accessed 24/04/2021].

Phishing is a branch of cyber threats. However, what do we mean by phishing?

Phishing is known as a criminal offence in which a person pretends that he is a legitimate institution, in order to deceive the target people and steal secret information, such as personal data and banking details. Moreover, the criminal contacts the victims by email, telephone or text message (PHISHING,2019). 

What are the reasons for Phishing?

There is one obvious straightforward reason for phishing: money. Identity theft is simple and almost hazard-free. Gartner reports that just 1 of every 700 identity thieves are arraigned. Thus, phishing simplifies theft and reduces the percentage of negative consequences ( Lininger, R and Vines, R,2005).

What happens in a phishing attack?

 ( Lininger, R and Vines, R,2005).

What are the used methods for a phishing attack?

Frequently, phishing is used by two approaches Malicious attachments and Access to malicious websites by links. 

1- Malicious attachments

How to identify a phishing attack?

Here are some points assist you to recognise Phishing attack:

* If the email sent by someone you do not talk with usually, be careful!  Particularly if the email contains something irrelevant to your responsibilities (alwarebytes,2020).  

*The message attached with malware or ransomware overwhelmingly will be included as an unexpected message (alwarebytes,2020).

*Check hyperlinks because of a fake URL containing misspellings. Consequently, reveals a phishing attempt (alwarebytes,2020). 

For instance; 

As it is shown, a phishing attempt asked the victim to click on 'Confirm Now'. Nevertheless, concentrating on the URL in the red rectangle, you will see the random numbers that make the message questionable. 

Reference:

ANTIBEX (2018) How Cyber-Secure Is Your Business?. [Online image] Available from: How Cyber-Secure Is Your Business? - Antibex Software[Accessed 24/04/2021].

PHISHING(2017) What Is Phishing?. [Online] PHISHING. Available from: Phishing | What Is Phishing? [Accessed 24/04/2021].

ITGOVERNANCE(2019) Phishing attacks and how to avoid them. [Online] ITGOVERNANCE. Available from: What is phishing? Everything you need to know | IT Governance UK [Accessed 24/04/2021].

ALWAREBYTES(2019) What is phishing?. [Online] ALWAREBYTES. Available from: What is phishing? How to protect from types of phishing? | Malwarebytes [Accessed 24/04/2021].

LININGER, R and VINES, R(2005) Phishing Cutting The Identity Theft Line.  [Online] Available from: ProQuest Ebook Central - Detail page[Accessed 24/04/2021].

At the present, smartphones are being a fundamental part of our lives. It is essential for daily tasks, such as shopping, online banking and social media. Therefore, it could expose personal information to risk cyber threats. Cyber threats define as ruin data or obstruct the digital prosperity and cohesion of a venture that is caused by virulent action (Roy, 2021). The perpetrators of Cyber threats have targeted many victims, which leads to negative short and long-term impacts, that include:

Short-term impacts:

1- Affecting the day-by-day activities of individuals and clients (for example influencing their capacity to receive contemporary data and doing banking operations, for example, pulling out cash from ATMs (CHOO,2011).

2- Affecting the daily activities of organizations and government. This can bring about critical monetary and different misfortunes to organizations, for example, openness to claims (for example in cases including breaks of clients' information, and expansion in operational expenses (for example financial losses because of the criminal activities and rise in security spending) (CHOO,2011).

Long-term impact:

1- Public security penetrates (for example the incident in 2010 where secret government data was spilled to Wikileaks (CHOO,2011).

2- Social discontent and turmoil (for example loss of public trust in the public authority regardless of whether the real harm brought about by the cybercriminal exercises was negligible (CHOO,2011)

  The severity of cyber threats might occur to major companies which led to a significant decrease in the company economy and notoriety (NIBUSINESS,2020). Examples of major companies that have been exposed to cyber threats:

1- NetSky and Sasser Worms:  In 2005, the computers were destroyed by a DDoS attack, around the quarter of the virus were resulting from Jaschan’s worms, the losses from that attack estimated by 20 billion dollars (TENINFO, 2020).

2- WannaCry Ransomware Attack: It is a notorious Ransomware attack, first the hackers requested an amount of $300 in Bitcoin or they will encrypt the company's data. However, after 3 days the amount doubled to  $600 due to the non-payment. The damages to decrypt cost more than $4 billion (TENINFO, 2020).

3- Sony PlayStation Network: Sony’s PlayStation Network faced a DDoS attack which disconnected the internet for around 3 weeks, the hackers exploited the defects in the system, and they succeeded in stealing from more than 77 million customers. Sony PlayStation lost more than £171 million to repay the customers for what was stolen. (TENINFO, 2020).

On the business side, how could a businessman manage the big risk of cyber threats with third parties? the risks associated with engaging third-party vendors is titled “Managing the Big Risk.” It is called the Big Risk due to that it is a massive risk, perhaps the most massive. Third parties introduce a variety of risks into virtually every environment. Small and large companies alike use multiple third-party vendors. Some companies use literally thousands of third-party vendors to assist in a wide range of operations. However, the FDIC suggests 10 essential examination contemplations (Ulsch, MacDonnell, and N MacDonnell Ulsch,2014):

1- Assess how the third party may represent a danger to your organization, not by the title or level of a position, yet rather by the level of access to data (Ulsch, MacDonnell, and N MacDonnell Ulsch,2014). 

2-  Ensure the outsider is open and receptive to addressing the individual verification measure. Trust yet confirm, as the saying goes (Ulsch, MacDonnell, and N MacDonnell Ulsch,2014). 

References:

 DEVRY, J (2017) Hunting for Needles in Haystacks. [Online image] Available from: Hunting for Needles in Haystacks - Cybersecurity Insiders (cybersecurity-insiders.com) [Accessed 23/04/2021].

 NCSC (2016) What is cyber security?. [Online]  NCSC. Available from: What is cyber security? - NCSC.GOV.UK [Accessed 23/04/2021].

 ROY, R (2021) What Is a Cyber Threat? Definition, Types, Hunting, Best Practices, and Examples. [Online]  TOOLBOX. Available from: What Is a Cyber Threat? Definition, Types, Hunting, Best Practices, and Examples | Toolbox It-security [Accessed 23/04/2021].

 NIBUSINESS (2017) Cyber security for business. [Online]  NIBUSINESS. Available from: Impact of cyber attack on your business | nibusinessinfo.co.uk [Accessed 23/04/2021].

TENINFO (2020) Top 10 of the World’s Largest Cyber Attacks. [Online] TENINFO. Available from: Top 10 of the World’s Largest Cyber Attacks - The Education Network (ten.info) [Accessed 23/04/2021].

CHOO, K (2011) The cyber threat landscape: Challenges and future research directions,Computers & Security. Australia :Mawson Lakes campus.

Ulsch, M, and Ulsch, N (2014) Cyber Threat! : How to Manage the Growing Risk of Cyber Attacks, John Wiley & Sons, Incorporated, Somerset. Available from: ProQuest Ebook Central - Detail page [Accessed 23/04/2021].

 Name: Lajeen Alsagour

Project Title:  Phishing On Social Media