Abstract

This paper describes the history of phishing attacks and how they turned into cyberattacks, focusing on companies. Over the course of 34 years, phishing has been evolving at an alarming rate, especially with AI now coming into play. As phishing attacks have become more prominent towards companies, there has been an increase in financial loss and data breaches, resulting in a loss of trust in companies. With this loss, companies are trying to find solutions to this problem. Some notable attacks were the RSA breach in 2011, the Texas Energy Company in 2014, and the ILOVEYOU virus in 2000. They have tried phishing simulations. This is when, either monthly or yearly, fake phishing emails get sent out to employees to see where improvements need to be made. They have tried different software. Antivirus or anti-phishing software can be used to prevent malicious links from working. The software analyzes the email’s details to determine whether or not it is malicious. They have tried encryption, such as an SSL certificate. However, none of these can block phishing attacks completely. AI will just create more emails to send. Social engineers will curate emails that convince anyone who opens the email to click on the link. AI, social engineers, and hackers will just create an email that can bypass any software. IT departments will become overwhelmed with these emails that one might pass through inspection. There is no solution for companies. The only way to lessen the chances is by either educating the employees or downloading a lot of software.

Faculty Advisor/Mentor

Michael Lapke

Document Type

Paper

Disciplines

Cybersecurity | Information Security

DOI

10.25776/scrt-kp76

Publication Date

11-17-2024

Upload File

wf_yes

Download

Share

COinS
 

Phishing Emails: An Evolving Cyberattack

This paper describes the history of phishing attacks and how they turned into cyberattacks, focusing on companies. Over the course of 34 years, phishing has been evolving at an alarming rate, especially with AI now coming into play. As phishing attacks have become more prominent towards companies, there has been an increase in financial loss and data breaches, resulting in a loss of trust in companies. With this loss, companies are trying to find solutions to this problem. Some notable attacks were the RSA breach in 2011, the Texas Energy Company in 2014, and the ILOVEYOU virus in 2000. They have tried phishing simulations. This is when, either monthly or yearly, fake phishing emails get sent out to employees to see where improvements need to be made. They have tried different software. Antivirus or anti-phishing software can be used to prevent malicious links from working. The software analyzes the email’s details to determine whether or not it is malicious. They have tried encryption, such as an SSL certificate. However, none of these can block phishing attacks completely. AI will just create more emails to send. Social engineers will curate emails that convince anyone who opens the email to click on the link. AI, social engineers, and hackers will just create an email that can bypass any software. IT departments will become overwhelmed with these emails that one might pass through inspection. There is no solution for companies. The only way to lessen the chances is by either educating the employees or downloading a lot of software.