Phishing Problem in Internet Security The number of people browsing the net across the world is increasing with each passing day. There are numerous new internet users each day, and these new users are not aware of the challenges or security issues of the internet. Any online user is vulnerable to numerous security risks like viruses, worms, Trojan horses, hackers, phishing, and pharming. All these are well-documented risks that users face, and some of these risks are constantly evolving. The viruses that users were used to in the past are very different from the ones for today. Scammers have made use of different methods in order to gain access to sensitive user information. The scammers mainly target financial, banking, credit card, and personal information in the frauds. Phishing is a method of gaining personal information from a user by masquerading as the trustworthy entity (Marforio, Masti, Soriente, Kostiainen, & Capkun, 2015). This is mainly done by forging or faking an entity that collects personal information or sensitive information like a bank or credit card processing company. The scammers would send a person an email informing them that they need to update, or their online account has been hacked and they need to act quickly. The content of the email would include a link to the fake website that looks like the real one. When the user inserts their information, the scammer would have access to the information, and they could defraud, steal, or make online purchases using the user's information.

History of phishing

The term phishing was first mentioned in 1996. The term was coined from the word fishing and the letter 'f' was replaced with 'ph' because phishing was linked to underground hackers who were known as phreaks (Rader & Rahman, 2013). Since the hackers were fishing for passwords and financial data, the methods they used were referred to as phishing. The term phishing is used to demonstrate the method they use to lure unsuspecting people in the same manner that people lure fish to take a bite when fishing. The first recorded phishing fraud involved America Online (AOL). AOL provided internet access to millions of people back then, which made it the natural choice for the hackers. The service was popular, and most people had never heard of online scammers. People were vulnerable and would fall prey to the scams easily.

In terms of internet security, phishing is a security concern that is still been carried out till today. The hackers have devised various methods of fishing for user information and credit cards. The hackers are now posting on social media sites, and they are using tantalizing images based on a person's interests to attract their prey. When a person clicks on the link, they are directed to a website that would capture their information. The hackers are still trying to use email to send messages informing the user they need to insert their information in order to verify or update their online information. The scams might have reduced, and they are not as prone as they were initially, but the methodologies are the same and hackers are still trying to make use of them. The importance of phishing is that people are being taught on how to identify the website by checking on the URL bar, and not entering their personal information before they verify the website. The first direct attack attempt for a payment system using phishing was carried out in 2001 on E-gold. The attack was considered unsuccessful, but hackers could now see the feasibility of attacking payment systems. By late 2003, phishers had registered various domains that looked similar to the legitimate domains like eBay, and PayPal (Levin, Richardson, Warner, & Kerley, 2012). This would allow the hackers to trick the user easily. Using almost similar domains would make it hard for the user to establish the authenticity of the domain since most users do not read the whole domain.

Results

Phishing has resulted in fraudulent activities especially for users who do not realize early of the scam. The hackers have managed to sell the information they collect to others who use it for identity theft or other malicious purposes. Initially when hackers phished for online accounts at AOL, the hackers would exchange the account information for hacked copyrighted information. This clearly shows that the hackers are not carrying out this activity for fun, but rather for personal gain. When AOL started the online accounts, it did not use a verification method...

The hackers would then sell the accounts to others, but this was stopped when AOL started using banks to verify the credit cards. The hackers then moved to email scams where they would encourage the user to insert information in their fake web sites by informing them their accounts had been hacked or lacked some information. The users would be gullible enough, and they would willingly supply the information before checking the authenticity of the website.
Currently, the hackers have formed organizations where they target not only individuals, but also high-ranking government officials in different governments across the world. This is now referred to as cyber-attacks, which is the next frontier in the war of supremacy across the world. The number of attacks was 445,004 in 2012 compared to 258,432 in 2011, and 186, 203 in 2010 (Hong, 2012). According to this numbers, one can see that the attacks have been increasing with the advancement of technology. The hackers are devising different methods to perform the same old phishing attacks. Users should be more aware of their online activity and refrain from accessing websites that they do not trust. The hackers have also begun to combine phishing attacks with other kinds of attacks like malware, or Trojan horses.

How to avoid phishing

It has been shown that phishing attacks are increasing each year, and the hackers are devising even better methods to phish for a user's information. A person needs to understand the methodologies used and accept that the internet is not a safe place. There are ways that people can use to ensure they protect themselves and their information from hackers. Most phishing attacks will make use of popup windows, emails, worms, or instant messages. The hackers will first get you worried or excited. They might tell the user that they have won some money, and the company needs the person's banking information in order to transfer the money to their account. Without a second thought, a user would give out their information to the hackers. Another method is informing the user that their account has been hacked, and they need to act immediately (Goodman et al., 2012). The common trend of these methods is that they require the user to act quickly. In case the email contains a link the user could click on the link, but they should verify the authenticity of the link by confirming it is the correct link for the entity been claimed in the email. Before submitting any information, the user should also contact the bank or financial institution in question to confirm they have sent the email.

It is rare that a genuine entity would request a person to resubmit their personal information. For example, if a person has a bank account and they conduct an online transaction using the account, it is not likely that the bank would send the person an email requesting them to resubmit the same information. Even if the bank wants to confirm the authenticity of the person, it will use another verification method. People should be more alert when browsing the internet, and they should avoid clicking and inserting information without thinking. Hackers have also devised other ways of capturing user information. Some of the hackers will use email attachments that contain infected files. If you do not know the person who has sent you an email attachment, it is best that one does not open the file. Deleting the email and its attachment is the recommended action. Some of the emails the hackers send look too genuine, and a user might not differentiate the genuine from the fake. When one wants to confirm the information, they should type in the address of the suggested entity and not click on the links provided in the email. The links provided in the email might display the correct web address, but redirect the user once the link is clicked.

When making or inserting credit card or personal information, a person should be more aware of the risks involved, and they should always double check the website before they submit the information. Hackers are now able to spoof HTTP, which makes it easy for them to gain access to user information. Genuine websites that handle monetary transactions or deal with sensitive information make use of secure HTTP. Secure HTTP is denoted by the initials HTTPS. Users should learn how to tell if the website is secure or not. This would be beneficial to the user and would improve their security. Identifying…