Original Articles

Phishing Evolves: Analyzing the Enduring Cybercrime

Pages 316-342 | Published online: 16 Feb 2021
 

ABSTRACT

Phishing, the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity via electronic communication, has quickly evolved beyond low-skill schemes that relied on casting “a wide net.” Spear phishing attacks target a particular high-value individual utilizing sophisticated techniques. This study aims to describe the current state of phishing, the expected technological advances and developments of the near future, and the best prevention and enforcement strategies. Data comes from interviews with approximately 60 information technology security professionals, “hackers,” and academic researchers. Routine Activity Theory provided an operational framework; while it is an imperfect fit for most crimes, it provides enough explanatory power for cyber-crimes. Interviewees mainly agreed: First, technological advances increase the proliferation of phishing attacks, but also aid in their detection. It has never been easier to conduct a simple attack, but a good attack requires more effort than ever before. Second, phishing is directly responsible for financial fraud and, indirectly, as the primary attack vector, for ransomware. Third, newer types of attacks utilizing technology, like deepfakes, will make the problem worse in the short term. Fourth, prevention will come from machine learning and public education, akin to the improvement in Wi-Fi security achieved through the combination of encryption and password awareness.

Acknowledgments

We would like to thank our interview respondents.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Data availability

Data available upon request.

Notes

1. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an e-mail validation system designed to protect an e-mail domain from being used for e-mail spoofing, phishing scams and other cybercrimes. DMARC leverages existing e-mail authentication techniques, such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
