A Preventive and Detective Model for Phishing Attack in Small and Medium Size Businesses

Abstract

Muyisa Patayo Clemence

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in an digital communication. Phishers take advantage of the trusting nature of humans who are considered to be the weakest point of the security triangle. Phishing attacks lead to loss of money, reputation, job etc. A lot of research has been made on this regard and many solutions have been made available but hackers still find and develop new method to trick the security measures in place. The study in this paper proposes a process model that we believe can help to reduce the impact of phishing attacks to some extend; it is composed of Business Security Objectives, Preventive Measures, Detective Measures, Awareness Measures, Responsive Measures, Knowledge Base as main components. It also outlines some best practices to follow in order to prevent phishing attacks.

PDF