Email Fraud and User Protection Strategies

Introduction

The invention of the Internet has triggered numerous changes in human communication and interaction. Electric mail (email) has become an important method of communication by allowing the passage of information from one person to another. Communication through is becoming a necessity in the modern world, and moving into the future, almost every person will be required to have an email.

The sphere of email usage is broad, and while personal communication is shifting to other platforms such as social media (WhatsApp, Facebook, and Twitter, among others), email remains one of the central channels of official communication in different organizations and institutions. For example, students are required to have email addresses as part of login credentials when accessing college resources and information. Similarly, employees use email addresses every day to communicate back and forth with workmates, bosses, and other stakeholders. Inter- and intra-organizational communication entirely relies on email for communication.

Without emails as a channel of commutation, most organizational operations would be crippled. Managing companies and institutions would become a nightmare, especially in the modern era of globalization and remote working. Unfortunately, every revolutionary idea usually attracts specific drawbacks. Emails have become a soft target for fraudsters who capitalize on Internet security loopholes to manipulate the system and defraud unsuspecting users.

Therefore, it is important to understand the architecture of email phishing and the underlying risk factors that predispose individuals to con artists. This aspect will form the basis of knowing how to avoid email fraud and the future anticipated challenges that might emerge in the future. This proposal gives a short analysis of a research study aimed at understanding email fraud, current gaps, and the best strategies to protect computer users.

Topic Analysis and Importance

The selected topic for the final paper is that of email fraud. Personally, I am interested in it because I have been a victim of email phishing in the past. It was a painful experience after fraudsters pried on my gullibility to steal personal information and use it for blackmail. All my social media accounts are linked to my email, and thus by accessing my details, the scammers took control of all the platforms, and they started soliciting money from friends and family members on my behalf. The issue was ultimately resolved, but I had to pay some ransom fee to regain control of my email and social media accounts.

Before this incident, I could not understand how people fall for the fraudsters’ tricks, and thus I assumed I was infallible and my digital footprints were adequately protected. However, after I was scammed, I started looking into the issue of phishing only to realize that it involves some psychological aspects that victims of this cybercrime problem are not aware of from a general point of view. Therefore, I believe that people should be informed about the dynamics of email fraud to understand it from a technical and psychological perspective and come up with functional ways of avoiding such scams and protect their privacy.

In addition, emails are the fundamental communication channels in the business world, and any security breaches associated with the same could have serious ramifications. Email phishing could be used to infiltrate finance departments in companies and siphon millions of dollars, leading to huge losses and business stagnation. Additionally, in contemporary times when companies are increasingly storing customer data, breaches could lead to the loss of such sensitive information, which could result in costly legal cases and ruined reputation.

For instance, telehealth is revolutionizing the way patients receive care services, and thus providers have to store sensitive personal data, and its breach could have far-reaching consequences. Consequently, organizations should endeavor to understand the architecture of email phishing to come up with effective countermeasures and avoid unnecessary losses.

Another reason why people should care about email fraud is to understand the underlying psychological aspects that could be risk factors to defrauding. Email frauds are socially engineered attacks targeting people as opposed to systems. However, most people think that such incidences are geared towards compromising computer systems. Such an assumption is wrong, and it partly explains why people continue to fall for email phishing tricks because the human nature part of it is normally overlooked. Therefore, understanding the psychology of email fraud will prepare users to be in a position to avoid being scammed.

In summary, completing a detailed study on this topic will avail knowledge of Internet-based crime and its consequences on different users. The same information will be shared with readers to implement evidence-based protective measures. The proposed work is significant since it seeks to address an issue that many people and computer users continue to ignore. Email fraudsters are usually experienced and cunning, thereby making it impossible for users to suspect. Targeted clients are usually tricked into reading specific emails and sharing their personal data or enrolling in different programs (Nizamani, Memon, Glasdam, & Nguyen, 2014).

The outcome is that many people are conned, thereby losing personal resources, among other devastating occurrences. Therefore, people should care about email fraud since this malpractice has serious consequences. A detailed analysis is a worthy enterprise since it will present additional information to empower more Internet users to take charge of their privacy and security when using emails for communication.

Background Information

Most of the studies completed in the recent past have outlined various issues surrounding hacking and Internet-based fraud. The email has remained a major target for phishers since it gives people an opportunity to communicate and keep messages. The consulted articles and publications have presented meaningful information about this topic. For instance, Al-Mashhadi and Alabiech (2017) indicate that many scammers use phishing techniques and old-fashioned operations to attack clients.

A good example of such tricks is bait-and-switch (Nizamani et al., 2014). However, users have become aware of the widespread practice of email fraud, thus they are taking protective measures to avoid being scammed. Nevertheless, fraudsters are ever-changing their tricks to keep abreast with the evolving Internet security environment. Consequently, they are adopting sophisticated ways of perpetrating their criminal activities.

One such emerging strategy is known as pharming, which is a system designed to use cache to change the domain name system of a website and direct users to a malicious site before getting all log-in credentials (Nagunwa, 2014). In most cases, phishers target the email addresses of top-level employees in companies.

Another technique is known as ‘smishing,’ whereby scammers send malicious messages to users’ phones, and once the provided links are clicked, the entire system is compromised (Isacenkova, Thonnard, Costin, Francillon, and Balzarotti, 2014). In the business world, the commonly used form of phishing is ‘the CEO fraud’ whereby scammers take control of the email addresses of executive employees in an organization. Once they take over, fraudsters will send emails to workers directing them to execute certain duties, such as authorizing payments, which are then directed to third-party bank accounts.

The affected employees do not realize any mischief because the emails used are authentic. Scammers can also use the survey scam whereby malicious emails are sent to unsuspecting users, and once they open their emails, credentials are stolen, and the phishers can do anything with the email address. Phony WebPages are also shared to lure users into offering personal information or data. Therefore, users should engage in continuous learning to understand email fraud and the most appropriate preventative initiatives.

According to Hadnagy and Fincher (2015), email phishing is an ever-increasing and evolving scourge that leaves extensive damage to the affected individuals and organizations. The conventional way of dealing with email frauds, including the use of legislation, providing extensive user guides, creating public awareness, and other related technical aspects, has failed to counter this problem. However, this approach towards phishing overlooks the way humans respond to certain scenarios, which underscores the psychological side of this problem that phishers continue to exploit (Hadnagy & Fincher, 2015; Jones, Towse, & Race, 2015; Norris, Brookes, & Dowell, 2019).

In a bid to psychologically manipulate email users, fraudsters use several techniques, including “spear-phishing,” whereby emails seem to originate from a trusted or known sender, thus convincing the targeted individuals to reveal personal details (Norris et al., 2019).

Time-limited messages are also used as they create a form of urgency, and users feel compelled to open such emails to avoid missing the indicated timelines. The insidious urgency created in these emails acts as visceral triggers, thus reducing the cognitive alertness deployed when assessing the authenticity of the sender. Additionally, the use of smartphones reduces a person’s ability to detect phony emails due to habituation caused by constant engagement with small screens while on the move (Jones et al., 2015).

Other risk factors, according to Norris et al. (2015), including high motivation, which “triggers the size of the reward, trust by focusing on interaction rather than message content, often generated by using ‘official logos, social influence, including liking and reciprocation, and the scarcity or urgency of the opportunity” (p. 236). Unfortunately, most users do not understand these psychological cues when engaging in email communication, thus they become easy targets for phishing.

However, despite the aggressive nature of email fraud and the sophisticated methods that swindlers use to commit this form of cybercrime, several measures can be taken to prevent users from becoming victims of the same. Some researchers have outlined several practices to overcome the dangers of email fraud. The leading ones include ignoring unexpected links, identifying and rejecting unsolicited emails, filtering spam, installing antivirus software, and configuring firewalls (Filkins et al., 2016; Abdullah, George, & Mohammed, 2016). Those who ignore these suggestions are at risk of becoming victims. However, based on the knowledge gained from the psychology of email spoofing, individuals may open unverified emails without even knowing.

Therefore, the first step should involve taking deliberate actions and being keen when opening emails (Rader & Wash, 20150. The source of the email should be investigated, and if phony information is detected, the involved person should delete such mail immediately. In business, organizations should configure their systems in a way that uses high standards of authentication. Some of the available systems that could be used to prevent email spoofing in the corporate world include SPF, Sender ID, DKIM, and DMARC, among other similar programs (Gupta, Tewari, Jain, & Agrawal, 2017).

However, despite the level of sophistication used to prevent email fraud, it is important to note that such practices target people, not systems. Therefore, employees should be trained adequately on cyber-security practices to ensure that phishers do not gain access to emails through human errors.

The paper will be structured in a professional manner in order to be more convincing and informative. These sections will be included: Introduction, Problem Statement, Literature Review, Research Process, Findings, Discussions, Conclusions, and Recommendations. A qualitative study targeting different publications on email fraud will be completed. To gather the necessary information, online searches will be conducted using specified keywords to generate relevant results. Some of the keywords that will be used include email, fraud, phishing, anti-phishing, psychology, cyber-security, and privacy.

A mixed approach will be employed when conducting the search. For example, keywords will be entered as single words, such as “phishing” or in combination, such as “email fraud” “anti-phishing strategies). Reputable databases, including EBSCOhost, ProQuest, Google Scholar, and IEEE will be used. In the Background section, I will use existing knowledge on the subject matter, identifiable gaps, and opportunities for future improvement.

Definition of Terms

• Email fraud: Intentional deception aimed at pursuing personal gains or damaging users.
• Hacking: The process of breaching computer-based defenses for personal or criminal gains.
• Phishing: Social engineering malpractice used to steal personal information, login credentials, or credit card digits.
• Computer firewalls: Computer-based systems for protecting networks from unauthorized users.
• Smishing: Practice whereby scammers send malicious messages to users’ phones to steal personal credentials.
• Pharming – a system designed to use cache to change the domain name system of a website and direct users to malicious sites.

Sources used for this proposal were found online using different databases, such as ProQuest, EBSCOhost, and IEEE Computer Society Digital Library. Google Scholar also gave valuable information on this topic. The keywords used were email, fraud, phishing, scamming, malware, and spyware. The Boolean search was the main strategy used to find relevant articles whereby a combination of keywords (separating with phrases like “and” and “our”) is entered on the search engine. The articles presented below are relevant and promising since they discuss useful information on email fraud and how it could be prevented.

References

Abdullah, A. A., George, L., & Mohammed, I. J. (2016). Email phishing detection. Riga, Latvia: Lap-Lambert Academic Publishing.

Al-Mashhadi, H. M., & Alabiech, M. H. (2017). A survey of email service; Attacks, security methods and protocols. International Journal of Computer Applications, 162(11), 31-40.

Filkins, B. L., Kim, J. Y., Roberts, B., Armstrong, W., Miller, M. A., Hultner, M. L., … Steinhubl, S. R. (2016). Privacy and security in the era of digital health: What should translational researchers know and do about it? American Journal of Translational Research, 8(3), 1560-1580.

Green, J. S. (2015). Cyber security: An introduction for non-technical managers. New York, NY: Gower Publishing Limited.

Gupta, B. B., Tewari, A., Jain, K. A., & Agrawal, D. P. (2017). Fighting against phishing attacks: State of the art and future challenges. Neural Computing and Applications, 28(12), 3629-3654.

Hadnagy, C., & Fincher, M. (2015). Phishing dark waters: The offensive and defensive sides of malicious e‐mails. New York, NY: Wiley.

Isacenkova, J., Thonnard, O., Costin, A., Francillon, A., & Balzarotti, D. (2014). Inside the scam jungle: A closer look at 419 scam email operations. EURASIP Journal on Information Security, 2014(1), 1-18.

Jones, H. S., Towse, J. N., & Race, N. (2015). Susceptibility to email fraud: A review of psychological perspectives, data collection methods, and ethical considerations. International Journal of Cyber Behavior, Psychology, and Learning, 5(3), 13-29.

Nagunwa, T. (2014). Behind Identity theft and fraud in cyberspace: The current landscape of phishing. International Journal of Cyber-Security and Digital Forensics, 3(1), 72-83.

Nizamani, S., Memon, N., Glasdam, M., & Nguyen, D. D. (2014). Detection of fraudulent emails by employing advanced feature abundance. Egyptian Informatics Journal, 15(3), 169-174.

Norris, G., Brookes, A., & Dowell, D. (2019). The Psychology of Internet fraud victimization: A systematic review. Journal of Police and Criminal Psychology, 34(3), 231-245.

Rader, E., & Wash, R. (2015). Identifying patterns in informal sources of security information. Journal of Cybersecurity, 1(1), 121-144.

Annotated Bibliography

Abdullah, A. A., George, L., & Mohammed, I. J. (2016). Email phishing detection. Riga, Latvia: Lap-Lambert Academic Publishing.

Abdullah et al. (2016) discuss several ways that fraudulent emails could be detected. With the increasing cases of phishing, the authors of this easily readable book argue that users should be prepared for the different ways of spotting fraud. The book is important to the final paper as it gives a practical guide on how to detect and avoid phishing.

Al-Mashhadi, H. M., & Alabiech, M. H. (2017). A survey of email service; Attacks, security methods and protocols. International Journal of Computer Applications, 162(11), 31-40.

This article begins by identifying email security as a major source of concern among Internet users. As a tool for sharing information, emails have become potential targets for hackers and phishers. The article supports the model of keeping the exchange of information and data very low and confident (Al-Mashhadi & Alabiech, 2017). Sender authentication is an evidence-based practice for minimizing fraud. The adoption of this information will support the development of a reliable and informative report.

Filkins, B. L., Kim, J. Y., Roberts, B., Armstrong, W., Miller, M. A., Hultner, M. L., … Steinhubl, S. R. (2016). Privacy and security in the era of digital health: What should translational researchers know and do about it? American Journal of Translational Research, 8(3), 1560-1580.

In this article, the authors discuss how the emergence of digital technologies has presented both opportunities and challenges. Cybercriminals capitalize on security lapses to attack emails in an attempt to acquire confidential information and financial data (Filkins et al., 2016). All stakeholders should consider the importance of proactive strategies that will enhance data privacy. The details of this paper will be incorporated in the final paper to increase knowledge on email fraud.

Green, J. S. (2015). Cyber security: An introduction for non-technical managers. New York, NY: Gower Publishing Limited.

This book begins by describing the Internet as a powerful tool for many individuals and business organizations. The author supports the introduction of updated antivirus software and firewalls to protect data (Green, 2015). The presented information is essential since it offers evidence-based practices and procedures that computer users can implement to protect themselves against any form of fraud.

Gupta, B. B., Tewari, A., Jain, K. A., & Agrawal, D. P. (2017). Fighting against phishing attacks: State of the art and future challenges. Neural Computing and Applications, 28(12), 3629-3654.

The authors of this article give a detailed account of phishing, its history, and what motivates its perpetrators. They also provide the taxonomy of different types of these attacks and highlight various ways that individuals could use to avoid becoming victims and future challenges that could affect Internet users (Gupta et al., 2017). This article is relevant to the current research as it gives an overview of all aspects involved in email fraud.

Hadnagy, C., & Fincher, M. (2015). Phishing dark waters: The offensive and defensive sides of malicious e‐mails. New York, NY: Wiley.

This book addresses the ever-growing cases of phishing emails and offers a detailed list of defensive techniques that users can apply to avoid this scourge. Hadnagy and Fincher (2015) address the issue of phishing from the perspective of human decision-making. The information in this book will add to the final paper by highlighting ways to avoid email fraud.

Isacenkova, J., Thonnard, O., Costin, A., Francillon, A., & Balzarotti, D. (2014). Inside the scam jungle: A closer look at 419 scam email operations. EURASIP Journal on Information Security, 2014(1), 1-18.

This article investigates the infamous Nigerian scam, also known as “419 scam”, to understand how email fraud is organized to lure victims to pay money to strangers. Isacenkova et al. (2014) argue that email fraudsters are organized and smart individuals, and thus this article is important in understanding the mindsets of email scammers.

Jones, H. S., Towse, J. N., & Race, N. (2015). Susceptibility to email fraud: A review of psychological perspectives, data collection methods, and ethical considerations. International Journal of Cyber Behavior, Psychology, and Learning, 5(3), 13-29.

Jones et al. (2015) take a psychological approach toward understanding email fraud. They argue that phishing involves psychological maneuvers to convince targeted individuals to divulge information. The article is relevant to the study because it adds a different thread in understanding the problem of phishing.

Nagunwa, T. (2014). Behind Identity theft and fraud in cyberspace: The current landscape of phishing. International Journal of Cyber-Security and Digital Forensics, 3(1), 72-83.

Nagunwa (2014) investigates the evolving environment of cybercrime to highlight how fraudsters keep abreast with changing technology to remain relevant and perpetuate their criminal activities. Specifically, the article focuses on polymorphic phishing vectors that are commonly used in cybercrime. This article is important to the current study because it helps to understand the complex world of email fraud and perhaps why the practice is deeply entrenched even with concerted efforts to thwart it.

Nizamani, S., Memon, N., Glasdam, M., & Nguyen, D. D. (2014). Detection of fraudulent emails by employing advanced feature abundance. Egyptian Informatics Journal, 15(3), 169-174.

This article offers different features and strategies for detecting fraudulent emails. The article employs the use of advanced algorithms in an attempt to have a better feature set (Nizamani et al., 2014). The information presented in this article will be used to develop the most appropriate strategies for detecting fraudulent emails and empowering more people to achieve their objectives.

Norris, G., Brookes, A., & Dowell, D. (2019). The Psychology of Internet fraud victimization: A systematic review. Journal of Police and Criminal Psychology, 34(3), 231-245.

The authors of this article investigate some of the psychological risk factors that predispose certain populations or individuals to email phishing. Norris et al. (2019) used a systematic literature review to highlight how different human factors contribute to email fraud. The article will be used to understand email fraud from a psychological standpoint.

Rader, E., & Wash, R. (2015). Identifying patterns in informal sources of security information. Journal of Cybersecurity, 1(1), 121-144.

Rader and Wash (2015) encourage users to read numerous articles on the same issue and analyze their friends’ experiences. This kind of practice will make it possible for them to understand how email attacks take place, the major areas many hackers target, and the subsequent consequences. This knowledge will guide the final report and empower more people to improve their risk mitigation strategies.