REVISTA DYNA NEW TECHNOLOGIES

Palabras clave:

Phishing, fraud, cybersecurity, forensic analysis, online banking, user training

Tipo de artículo:

ARTICULO DE INVESTIGACION / RESEARCH ARTICLE

Sección:

ARTICULOS DE INVESTIGACION / RESEARCH ARTICLES

ABSTRACT:
Phishing is a technique usually based on the exploitation of both the confidence and concern of the users. An alarming message delivered by an organization of trust is the best mechanism to motivate users to act, even against their will. A frequent approach to diminish the impact of said technique is to train users and provide them with a set of recommendations. These recommendations are based on several characteristics common in phishing attacks. Our thesis is that training is currently ineffective because procedures and technology have imperfections which help fraudsters deceive users. To prove our conclusions, we present the analyses of two massive campaigns of bank-smishing attacks occurred in 2021 and 2022. The fraud was suffered by an estimate of 7,000 users and both cases have a similar anatomy. Our team has deeply analyzed these attacks to produce forensic reports for more than 30 court cases. We have studied cellular phones, phone call records, logs from bank systems and other forensic sources to analyze scammer procedures and techniques. Also, we discuss the reasons why we state that there is need of an updated approach towards phishing attacks. Users’ training and awareness techniques must be redesigned and, apart from that, changes must be made in the procedures of organizations. Finally, we consider that it is necessary to improve the underlying technologies in services such as e-banking or e-shopping.

Keywords: Phishing, fraud, cybersecurity, forensic analysis, online banking, user training