Phishing attacks or COVID-19 and Remote Work Security

Article Sidebar

PDF
Published: Dec 15, 2020
DOI: https://doi.org/10.61841/turcomat.v11i3.14958
Keywords:
Phishing Attacks, COVID-19, Remote Work, Cybersecurity, Security Awareness

Main Article Content

Pavan Reddy Vaka
Consultant, HCL Tech, Frisco, Tx, USA.

Abstract

The COVID-19 pandemic accelerated the adoption of remote work, which significantly altered the cybersecurity landscape. One of the most common cyber threats that surfaced during this period was phishing attacks, which exploit vulnerabilities associated with remote work setups. Phishing attacks have evolved in sophistication, targeting both employees and organizations, and they have increasingly leveraged the global health crisis to create more convincing attack vectors. This research investigates the relationship between the surge in phishing attacks and the widespread shift to remote work during the COVID-19 pandemic. By analyzing the patterns of phishing attempts, the role of organizational security policies, and individual employee behaviors, the study highlights the increased vulnerability of remote work environments to phishing schemes. The paper also explores security measures that can be implemented to mitigate these risks and proposes a set of recommendations for organizations to improve remote work security posture in a post-pandemic world. Findings indicate that remote work environments have heightened the risk of phishing attacks, suggesting the need for more robust cybersecurity strategies and continuous employee awareness training.

Downloads

Download data is not yet available.

Metrics

Metrics Loading ...

Article Details

How to Cite
Reddy Vaka, P. . (2020). Phishing attacks or COVID-19 and Remote Work Security. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 11(3), 3044–3052. https://doi.org/10.61841/turcomat.v11i3.14958
Issue
Vol. 11 No. 3 (2020)
Section
Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

You are free to:

  1. Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
  2. Adapt — remix, transform, and build upon the material for any purpose, even commercially.
  3. The licensor cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

  1. Attribution — You must give appropriate credit , provide a link to the license, and indicate if changes were made . You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
  2. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

Notices:

You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation .

No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.

Crossref
Scopus
Google Scholar
Europe PMC

References

Anderson, R. & Moore, T. (2006). The economics of information security. Science, 314(5799), 610-613. https://doi.org/10.1126/science.1130992

Bejtlich, R. (2014). The basics of information security: Understanding the fundamentals of InfoSec in theory and practice. Addison-Wesley Professional.

Böhme, R. & Moore, T. (2012). The iterated weakest link: A model of phishing. Journal of Security Economics, 1(1), 21-45. https://doi.org/10.1016/j.jacceco.2012.02.001

Cram, F., Sasse, M. A., & Worth, P. (2010). Phishing countermeasures: Why people are the weakest link. Information Security Technical Report, 15(2), 97-105. https://doi.org/10.1016/j.inffus.2010.03.002

Dhamija, R., Tygar, J. D., & Hearst, M. (2006). Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 581–599). ACM. https://doi.org/10.1145/1124772.1124881

Dinev, T. & Hart, P. (2005). Internet privacy concerns and social awareness as determinants of intention to transact. International Journal of Electronic Commerce, 10(2), 7-29. https://doi.org/10.1080/10864415.2005.11044275

Fruhlinger, J. (2017). Phishing attacks and prevention. CSO Online. Retrieved from https://www.csoonline.com/article/3231712/phishing-attacks-and-prevention.html

Greitzer, F. L., Frincke, D. A., & Alhadeff, A. (2016). Cybersecurity threats and vulnerabilities for remote work. Journal of Cybersecurity, 2(1), 35-45. https://doi.org/10.1093/cybsec/tyw002

Hadnagy, C. (2018). Social engineering: The science of human hacking. Wiley.

Herley, C. (2001). Identity theft. Communications of the ACM, 44(9), 35-42. https://doi.org/10.1145/503272.503274

Hong, J. (2012). The state of phishing attacks. ACM Computing Surveys, 44(2), 1-45. https://doi.org/10.1145/2145204.2145206

Jakubik, T., Sheu, D., & Zaika, M. (2015). An analysis of organizational response to phishing attacks. Computers & Security, 52, 1-17. https://doi.org/10.1016/j.cose.2015.02.001

Johnston, A. C., & Mattord, H. J. (2014). Phishing and spear phishing: Understanding the increasing problem of electronic identity theft. Issues in Information Systems, 15(2), 1-14. https://doi.org/10.4018/ini.2014040101

Kumar, N. & Ramachandran, K. (2016). Phishing detection and prevention: An overview. International Journal of Computer Applications, 141(4), 1-6. https://doi.org/10.5120/ijca2016910460

Mitnick, K. D. & Simon, W. L. (2002). The art of deception: controlling the human element of security. John Wiley & Sons.

Nardelli, M., Patro, S., & Velu, C. (2014). An extensive survey on phishing detection techniques. International Journal of Computer Applications, 107(8), 1-7. https://doi.org/10.5120/ijca2014916593

O'Connor, P. M., Greene, B., & Smith, D. (2007). A new model for explaining individual phishing susceptibility. Decision Support Systems, 44(1), 111-126. https://doi.org/10.1016/j.dss.2005.11.009

Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2015). Phishing for the truth: evaluating the impact of information and misinformation on phishing. Computers & Security, 52, 61-75. https://doi.org/10.1016/j.cose.2015.02.007

Smith, S. W., & Rupp, W. T. (2002). Communication and trust in virtual communities. Organization Science, 13(4), 443-459. https://doi.org/10.1287/orsc.13.4.443.10326

Suri, S., Shankar, R., & Sitapati, K. (2013). A survey on phishing attacks and their detection techniques. International Journal of Advanced Research in Computer Science and Software Engineering, 3(5), 434-438. Retrieved from https://www.ijarcsse.com/docs/papers/Volume_3/5_May2013/V3I5-0043.pdf

Tipton, H. F., & Krause, M. (Eds.). (2007). Information security management handbook (6th ed.). Auerbach Publications.

Workman, M. A., Koenig, S. T., Kudo, A. K., & Kritzinger, E. (2010). How to recognize and thwart phishing attacks. Communications of the ACM, 53(7), 54-61. https://doi.org/10.1145/1736356.1736384

Yu, J., Riahi, S., Belanger, F., Shadbolt, N. R., & Davis, J. (2013). The state of phishing attacks. In Proceedings of the 6th International Conference on Information Security Practice and Experience (pp. 1-9). ACM. https://doi.org/10.1145/2502269.2502275

Zafarani, R., Wang, Y., & Liu, H. (2017). Social media mining: An introduction. Morgan & Claypool Publishers.