The analysis of development, typical objectives and mechanisms of phishing attacks

Abstract

The work discusses the issues of phishing attacks, emphasizing the interconnection between the stages of information technology development and the periods of phishing evolution. Attention is drawn to the fact that any new communication resource or online technology significantly expands the range of possible social engineering techniques, a key element of modern phishing. Based on a review of known incidents, it is asserted that this type of attack will continue to proliferate. The main factors contributing to the further growth of phishing include: -active implementation of artificial intelligence and Internet of Things technologies; -proliferation of satellite Internet; -persistent increase in the number of network users; -technological rivalry among major actors in the post-industrial world. It is emphasized that the increased accessibility of the global Internet will lead to a rise in the number of users of new communication services and platforms. However, the widespread digitization of modern society, coupled with low levels of digital literacy in certain social strata, will result in potential vulnerabilities for large groups of technologically uninformed users. The simultaneous existence of these two trends will increase the number of potential phishing attack victims in the future. It is highlighted that integrating phishing with other types of cyberattacks increases the overall incidence of phishing. The significant prevalence of social networks is noted as a major means of phishing dissemination. The conclusion is drawn that phishing attacks in corporate and private segments of modern information systems, despite their external similarities, aim to obtain substantially different "bonuses" in terms of scale, consequences, and substantive actions. These implicit differences determine the variations in impact vectors and attacking scenarios. Special attention is given to the use of multi-factor authentication, which significantly complicates the impersonation of user identification data, making phishing less effective. It is noted that implementing comprehensive protection against phishing attacks involves continuous improvement of existing security technologies in conjunction with organizational measures. The organizational component should clearly regulate the levels of personal and collective responsibility for the current security status of the utilized systems and information resources.