Phishing as Cyber Fraud: The Implications and Governance

Nur Farhana Mohd Zaharon, Mazurina Mohd Ali

Abstract

Internet technology has brought revolutionary change to modern living and socio-economic transactions. The nature of high-speed Internet allows Internet users to become unaware of how transparent their data and information are. This behavior gives rise to phishing attacks by cybercriminals. Cybercriminals are highly trained people, including in the social engineering tactics used to deceive Internet users. Therefore, Internet users must know about phishing. This paper aims to explore phishing as cyber fraud, including the implications of phishing attacks and the governance to prevent phishing attacks. This study benefits individuals, companies, the government, and the public by increasing phishing awareness and helping to mitigate phishing attacks.

Keywords: phishing, cyber fraud, risk, risk management, Internet, technology.

 



