Monday, January 27, 2020
Effective business communication
Introduction

Although there is no universal definition of change, it has been explained in terms of guises, transformation, metamorphosis, evolution and regeneration (Hughes 2006). Change is any alteration in the people, structure, or technology of an organization. It is constant, yet it varies in degree and direction. It creates threats and opportunities for organizations. Change in an organisation takes place for many reasons. It is sometimes done in order to have new ways of doing or organizing work. Noteworthy changes occur, for example, when the organization wishes to change its overall strategy for success or wants to change the nature of its operations. The forces of change come through changes in organizational strategy, work force, new equipment, employee attitudes, marketplace, government laws, technology, labour market and economic situations.

Steps involved in change

An organisation's culture can be affected by a number of factors, which are as follows. The environment in which the organisation operates. The beliefs, values and norms of the employees within the organization, particularly those communicated by top management. The organisation's size, history, ownership and technology, which also result in change within the organisation. Other factors include trade unions, media and the lifestyle of the people.

Unfreezing

This is the first step, which involves disturbing the equilibrium state of the prevailing status quo. This can be done by encouraging individuals to adopt new behaviours and discard the old ones (Burnes 2004).

Moving

According to a journal article (Burnes 2004), this step aims at shifting the behaviours of the individuals as well as the departments where the change is supposed to take place. The moving step aims to develop new behaviours and attitudes in the individuals.
Refreezing

In this step, called refreezing, the intended change becomes permanent. The new way of organizing is established, according to (Burnes 2004), through new attitudes and behaviours.

Considering the type of change, the steps involved are mentioned below. The start of the change process involves translating the need for change into a desire for change. The change may start with a formal announcement or it may be less explicit, but at some point it typically involves a review or project. A manager should diagnose the present state and identify the preferred future state for better communication. Reviewing the present state helps to identify future challenges.

Need/reasons for change

In order to survive and prosper in a competitive and changing environment, organisations also need to change. This may be brought about by many influencing factors, which may be internal to the organisation or in the external environment. Internal forces for change arise from internal activities and decisions. If top managers select a goal of rapid company growth, internal actions will have to be taken to meet that growth. New departments and technologies will be created, so the organisation will change accordingly.

What is Communication?

Communication is the process of transferring information. Communication means ways of sharing ideas, news, views, methods and techniques. Communication must involve two parties. It is a vital part of almost every job. All companies and organisations demand it.

Internal communication system

The communication which takes place within the boundaries of the organisation is known as internal communication (R Blundel K Ippolito 2007). Effective communication is an essential part of a smoothly running business organisation. Communication involves the transmission of information from a source (or a number of sources) to receivers. The information is communicated in the form of a message (The times100 2009 1).
For example, a customer may request a new part from a supplier, with information on how to use that part in a piece of equipment. The supplier will then communicate with the customer, setting out instructions for using the part, as well as sending a delivery note, invoice, and further sales literature. Increasingly these interactions will be carried out by electronic media such as a sales website, e-mail communications and other means.

Communication within organizations is a dynamic, two-way (transactional) process that can be broken into six phases. The sender has an idea and wants to share it. When the sender puts the idea in the form of a message, the sender encodes it so that the receiver can understand it easily. Then the sender transmits the message through a proper communication channel (spoken or written) and a medium (telephone, letters, email, report or face to face). For communication to occur, the receiver must first get the message. After the transmission of the message from the sender, the receiver gets the message, which involves the understanding of the message by the receiver. Then the receiver decodes the message. The decoded message must be stored in the receiver's mind. The receiver sends feedback: after decoding the message from the sender, the receiver may respond in some way and signal that to the sender.

This internal communication process can be shown with the help of a diagram. As the figure shows, the communication process is repeated until both parties finish expressing themselves. Moreover, effective internal communication tries not to cram too much information into one message.

The effectiveness of communications depends on the following. The clarity of the message. The quality of the medium used to transmit the message. The medium is the means of communicating, e.g. e-mail, telephone, letter, etc. Any distracting noise that prevents the message from effectively getting through.

1- http://www.thetimes100.co.uk/theory/theoryworking-together-business-communications388.php
For example, if the recipient receives lots of email messages, they may fail to give proper attention to the sender's message. The ability of the receiver to decode the message. For example, they may not be able to understand the instructions given.

Supports of communication

Verbal communication

It is the spoken, oral, and unwritten way of communicating (Personal growth 2009 1).

Non verbal communication

Transmission of messages by a medium other than speech or writing (Business dictionary 2009 2).

1- http://www.about-personal-growth.com/verbal-communication.html
2- http://www.businessdictionary.com/definition/non-verbal-communication.html

There are many supports that can be used for effective internal communication, which mainly include the following.

Electronic mail

This has rapidly become the most common form of written communication within the organization. It is the easiest and quickest way of communicating within the organization.

Company websites

A company's website will typically involve a portal or a section dedicated to internal communication with and between employees.

Company databases

In most large organisations, including banks like Barclays, employees will be able to access a number of company databases to communicate internally.

Meeting

Meetings are also a most effective support for communicating effectively within organizations. They can be formal or informal. In manufacturing companies like Toyota, teams of employees regularly meet to discuss issues like quality.

Phone communication

Phone communications are another important form of oral communication, with most large companies having a low-cost internal telephone system.

Internal memos, Voice mail, instant messaging, Faxing

An internal memo can be sent by email to communicate with the employees within the organisation. Staff magazines, reports, notices and posters on staff boards provide other means of internal communication.
Voice mails, instant messaging and faxing can also be used as supports for communication.

Impact of change on communication

Change plays a vital role in the communication process. Communication calls for change, and change calls for challenges like competition, globalization and technology. During the change process, if communication goes wrong it can have a huge impact on the organization's future. The impact of change can be positive or negative. Change can be of any type, for example an organization changing its policies or introducing new technology. Any kind of change should be accompanied by proper communication through a proper channel and support. In times of change, employee communication is vital to successful organizations. Suppose an organization wants to change its technology: it should communicate with and inform its employees so that they understand the change and adopt it with the help of proper communication. Wrong communication, such as announcing the wrong name for a soldier who died in Afghanistan, or operating on the left-hand side instead of the right-hand side, can result in serious problems.

Handling of communication at each level

Communication among the employees of the organization is essential for effective functioning. Organizational decisions are usually made at the top and flow down to the people who carry them out. From top to bottom, each person should understand the message, apply it and pass it on. For each and every level of organizational change, top managers, middle managers and first-line managers should co-ordinate the whole work efficiently and effectively with the other employees. Top management should act as planner, leader, communicator and organizer. The lower-level employees can help top-level management by giving accurate, timely reports on problems, emerging trends, opportunities for improvement and performance.
The formal communication network within the organization is shown below.

Obstacle or Barrier in the context of change

No matter how good the communication system in an organisation is, unfortunately barriers or obstacles can and often do occur. This may be caused by a number of factors, which can usually be summarised as being due to physical barriers, system design faults or additional barriers.

Language Barrier

Different languages, vocabulary and accents represent regional barriers, as do words having similar pronunciation but multiple meanings. The use of difficult words and poorly explained or misunderstood messages can result in a communication obstacle (E z articles 2009 1).

Cultural Barrier

Age, education, gender, social status, economic position, cultural background, religion, political belief, ethics, values, assumptions, aspirations, rules or regulations, standards and priorities can separate one person from another and create a communication obstacle.

Individual Barrier

It may be a result of an individual's perceptual and personal discomfort. Even when two persons have experienced the same event, their mental perception may or may not be identical, which acts as a barrier. Style, selective perception, halo effect, poor attention and closed-mindedness, and insufficient filtration are the individual or psychological barriers.

Organizational Barrier

It includes poor organizational culture, climate, regulations, status, relationships, complexity, inadequate facilities, and opportunities for growth and improvement, whereas the nature of the internal and external environment, like large working areas physically separated from others, poor lighting, staff shortage, outdated equipment and background noise, are physical organizational barriers.
Interpersonal Barrier

Barriers from employers include lack of trust in employees, lack of knowledge of non-verbal cues like facial expression, body language, gestures, postures and eye contact, different experiences, shortage of time for employees, no consideration for employee needs, and the wish to capture authority. Barriers from employees include lack of motivation, lack of co-operation, trust, fear of penalty and poor relationship with the employer (Know 2009 2).

Channel Barrier

If the length of the communication is long, or the medium selected is inappropriate, the communication might break up; it can also be a result of inter-personal conflicts between the sender and receiver, lack of interest in communicating, or information sharing or access problems, which can hamper the channel and affect the clarity, accuracy and effectiveness of communication.

1- http://ezinearticles.com/?The-Barriers-to-Effective-Communicationid=121001
2- http://www.knowthis.com/principles-of-marketing-tutorials/promotion-decisions/obstacles-to-effective-communication/

Dealing with an international team

When we communicate with people of our own culture, we can communicate effectively. But if we are working in an international organization, we have to communicate with employees from different backgrounds and nationalities, so there will be many challenges in communicating with the international team, which are mentioned below.

Cultural Challenges

Culture strongly affects communication and is a big challenge when dealing with an international team. For example, when we want to communicate we encode the message using the assumptions of our own culture, while the receiver decodes the message using the assumptions of his or her own culture, so the meaning may be misunderstood. The greater the difference in culture, the greater the chance of misunderstanding.
The other types of cultural differences are as follows.

Contextual differences

From culture to culture, people convey contextual meaning differently. In high-context cultures such as South Korea and Taiwan, people rely more on non-verbal actions and environmental setting to convey their message. In low-context cultures such as the United States and Germany, people rely more on verbal communication. Contextual differences affect the way cultures approach situations such as decision making, problem solving and negotiating.

Legal and ethical differences

Legal and ethical behaviour is also influenced by cultural context. For example, people from low-context cultures value the written word; they consider written agreements binding and tend to adhere to laws strictly. High-context people place less emphasis on the written word.

Social differences

In any culture, rules may be formal or informal. Formal rules are specifically taught dos and don'ts of how to behave in common social situations. Informal rules deal with how males and females are supposed to behave. In some countries like India, Pakistan and Bangladesh, women are not taken seriously as business people. But in western countries women are treated equally in business places. Culture also tells how people show respect and signify rank. For example, in the United States people address top managers as Mr Bush or Mr Andrew, but in countries like China people show respect by using official titles like President or Manager.

Non verbal differences

Non-verbal difference is another type of cultural challenge when dealing with an international team. People in Canada and the United States usually keep a five-foot gap during business conversation, whereas people in Arab countries, Germany and Japan feel uncomfortable keeping this distance.

Recommendations

Managers act like pillars for any organization. As mentioned above, change in any organization can create threats and opportunities for the organization.
Managers should plan a proper strategy of communication in the context of change. The strategy should include the following. Considering the likely effects of change and planning for it well in advance. Adopting a flexible, democratic management style, even though this may be within a formal organisational structure, in order to create a climate where change is easier to achieve. Motivating employees by understanding their nature and perception. Telling employees the reasons for and the benefits of change after the change process. Recognition of cultural variation in communication style. Managing disputes at each level. Managing the problems of each employee, like stress, depression, relationships, personal issues and differences. Identifying clearer goals and targets so that everyone knows what is to be achieved and the time scale involved. Training and retraining and new work. Monitoring and reviewing progress to regularly assess progress towards goals and identify and overcome any difficulties. The manager should act like a communicator, planner, leader, motivator and controller.

Bibliography

Adler, R.B. (2006). Communicating at Work, 8th Edition. McGraw-Hill Humanities/Social Sciences/Languages.
Hughes, M. (2006). Change Management: A Critical Perspective. Chartered Institute of Personnel and Development. ISBN 1-84398-070-3.

References

Bernard Burnes. Managing Change, 4th Edition. Prentice Hall.
Burnes, B. (2004). Kurt Lewin and the Planned Approach to Change: A Re-appraisal. Journal of Management Studies. Vol.41, No.6.
Higgs, M. and Rowland, D. (2005). Exploring Approaches to Change and its Leadership. Journal of Change Management. Vol.5, No.2.
John V Thill and Courtland Bovee (2002). Excellence in Business Communication, 8th Edition. Pearson International Edition.
John Hayes (2006). The Theory and Practice of Change Management. 6th Edition. London: Prentice Hall, p233.
Richard R L Daft (2005). Management, 6th Edition.
R Blundel and K Ippolito (2007). Effective Business Communication, 2nd Edition. Prentice Hall, p13.
Barriers to communication (2008). Available: http://ezinearticles.com/?The-Barriers-to-Effective-Communicationid=121001. Last accessed 14 Dec. (2008).
Non Verbal Communication (2009). Available: businessdictionary.com. Last accessed 11 Dec.
Obstacles to business communication (2009). Available: http://www.knowthis.com/principles-of-marketing-tutorials/promotion-decisions/obstacles-to-effective-communication/. Last accessed 12 Dec.
Personal growth (2006). Available: http://www.about-personal-growth.com/verbal communication.html. Last accessed 10 Dec.
Working Together To Business Communication (2008). Available: http://www.thetimes100.co.uk/theory/theoryworking-together-business-communications388.php. Last accessed 11 Dec.
Sunday, January 19, 2020
Media - Gaga and Audience Study Essay
Lady Gaga is more than just a modern pop star; she is a product as well. Beyond literally selling singles, albums and concert tickets, Lady Gaga is also selling herself as a brand. She is a media construct who is artificial and created for a specific target audience in the effort to achieve the maximum commercial gain. Her 'Little Monsters' are the 'buyers' in the product and purchaser relationship, and they buy into the idea of her not only as an artist but also as an icon and a brand. Her brand and image are established in several ways through her design, including how she portrays herself as a modern pop package and her personality. She spreads awareness of herself through marketing and promotion, including social media and music videos, in order to maintain a convincing relationship with her fans.

There are three main parties involved in the relationship Gaga has with her fans. First of all, her record label, Interscope, who signed her in 2007, are part of a conglomerate, Universal Music; hence they have identified her as a way to make a financial return on their investment and look to benefit from this relationship financially. Secondly, Lady Gaga is another party in this relationship. She similarly benefits financially as well as being able to live her dream and passion of music, or at least that is what she is trying to portray. Lastly, her 'Little Monsters' are the last party involved. Made up predominantly of teenagers to people in their mid-30s, and also the gay community, they benefit from contributing to her success and ultimately finding joy and happiness in this. The main aim of the relationship is to maximise the commercial success from increasing sales of her physical products.

Her design is a way in which Lady Gaga endeavours to establish and maintain a relationship with her audience. Two main aspects of her design are how she is a modern pop package and her personality, while others include her look, her status as a religious cult figure and her name.
A modern pop package refers to how Gaga produces music within the pop bracket but also how she follows international and local trends in terms of fashion or technology. This is an effective way for Gaga to create the relationship with her audience because of several benefits of a modern pop package. Firstly, pop music reaches out to a large audience, not only on Top 40 music stations but in mainstream media in general. As a result there is an increase in appeal to a wider audience, allowing the relationship to occur on a wider scale. Secondly, because the target age demographic for pop music would be the 15-35 age group, and they have the most income available to spend on entertainment, she is able to maximise sales and hence financial return for herself and her record label. In general, pop music refers to music that deals with typical topics like love or fame or having fun. Gaga's debut single, 'Just Dance', is an example of her work that shows how she fits into this genre of music. It speaks about being free and having a good time, reinforcing the idea that pop music is usually made for listening pleasure as opposed to real craft or message sending, and 'Just Dance' certainly fits into the category. An increasing part of a modern pop package is appearing genuine and authentic to fans and assuring them that the relationship is genuine.

Personality is another aspect of her design that enables Gaga to have a relationship with her fans. Her personality refers to her portrayal of herself as genuine and as someone who really cares about her fans. The way in which she advocates difference is a main method by which she does this. This allows her to develop the relationship because, by making individuals feel included and important, she makes fans feel that they need to repay her by giving her unconditional support. An example of this would be her concert in Auckland, where she sang Happy Birthday to one of her fans, Minisha.
She took the effort to learn the correct pronunciation of her name, and this shows the audience how she really cares about them individually. Another example would be when Gaga asks the girls, "How short are your skirts?" This again allows her to develop the relationship by making her fans believe that she is genuine and different from other pop stars, and they consequently buy into the idea that she is the perfect pop star and role model that they should support.

Her design comes with several implications. Firstly, there are contrary messages from Gaga as a result of being in the modern pop bracket. While she preaches difference and the positives of being unique and different, she herself produces modern pop music. This causes a contradiction in her image and raises the idea that difference is okay if you're still in the main bracket or if Lady Gaga says so. Another example of where this has occurred would be when a source quoted that "Gaga slams Adele all the time, even calling her a fat cow". Adele is a modern-day artist who literally promotes difference, as she is evidently larger than most other pop stars today. This may raise the idea that Gaga is becoming threatened by Adele due to the similarity in advocating difference, and may be what is developing into commercial envy. Overall this implication reflects on Gaga's fans because it shows that even though she advocates difference, it really doesn't mean huge difference, just enough to appear different with the aim of financially capitalising on this idea.

The way in which she advocates difference also raises an implication for the music industry as a whole. It is a well-known fact that unless an artist is expected to make money for the record label, they won't be signed. This raises how labels have formulas which have proved successful in the past, and therefore how Gaga must fit into this formula. This has further implications for the music industry as a whole as well.
Because Gaga's success has proven that the formula works, more and more acts are conforming to this idea of utilising a brand image of appearing different for commercial success. Another example would be One Direction. Similar to Gaga, they are also a product in the way that they are in the business of selling not only their music but also their image with a consumer-driven formula. They claim to be "different from boybands past", but it is evident they have the same boy band pop music with a human-driven personality similar to the likes of Backstreet Boys etc. This shows how modern-day music is about trivial differences that are clearly not that much different, and as long as management companies portray the image that the likes of Gaga and One Direction are different, then the fans will believe it, despite them all following the same money-making formula that is truly tested throughout the years.

The use of this formula raises the issue of longevity. When there is an increase in the use of the difference idea, there becomes a slight problem of repetition. If too many stars consistently advocate difference, then in comparison the idea of difference doesn't seem as ground-breaking and instead becomes the new normal. Consequently, the press and also her audience may become bored of this idea of difference, leading to a decline in popularity. As well as this, it again raises what the future may hold for the music industry. If teenagers are growing up yearning to be different yet the same as their idols, it shows how in the future we may be moving to an even more one-sided, one-dimensional celebrity culture where everyone is essentially the same yet trivially different to everyone else. Examples can be seen in the latest artists created through the X Factor USA, especially in the Girls' category. Similarities have been spotted between Cece Frey and Ke$ha.
The way in which she is creating an animal branding for herself is incredibly similar to Ke$ha when she first began. This creates the illusion that Cece is different to her counterparts, where in fact she is not, as she still sings mainstream music. Gaga is known to be one of the acts to lead the way in this brand and cult establishment for fans, and since her success, the X Factor is one of the singing talent shows which have followed her in doing the same thing to their contestants. A contestant with a sob story is more likely to do better than, say, a contestant with a quality voice. By having a story behind them, contestants can engage with their audiences and manipulate their emotions, leading to them becoming more relatable to their audience. This raises how the music industry has become less about the music and more about the personality attached to it, showing how it has evolved. A whole package is what budding artists need to be, rather than just having the voice, and in the future people with real talent will be less represented.

Marketing and promotion is a way in which Lady Gaga spreads awareness of her design to establish and maintain the relationship she has with her fans. She achieves this in two main ways, social media and music videos; other ways are concerts, publicity stunts, merchandise and albums. Firstly, social media is used widely by modern-day pop stars because of its accessibility and also because it allows direct contact between celebrities and their fans. Twitter is a medium which Gaga uses frequently. She was the first user to reach 10 million followers, in May 2010, and had consistently been the top most viewed profile on the website. Though she sends on average 2 tweets a day, "Goodnight little monsters" is an example of a tweet which enables her to maintain this important relationship she has with her fans. Tweets like this make her fans believe they are part of her life and also that she cares about them.
Consequently, fans feel special and buy into the idea of supporting her. Now, especially with the Twitter feature that sends tweets straight to mobile phones, a close bond between her and her fans is established because it makes them believe she is talking to them specially. As well as Twitter, her website is a way in which she targets her fanbase alone. It is by invite only, which is significant because it makes fans feel part of her inner circle, therefore increasing the closeness fans feel in the relationship. Also, because she targets those who are different and on the fringe of society, and therefore presumed not to be included, by including them she is making sure that they feel included. She plays on the insecurity in everyone, in that we have a desire to be included, and therefore develops the idea that she cares for them genuinely and that in return they should support her.

Music videos are another way Gaga develops a relationship with her fans. Her music video for Telephone is a great example. It is 9 minutes in length and has multiple occasions of product placement, such as Wonder White Bread or HP Computers. Both of these features increase the views of her video, and therefore awareness of her, because it is different. The more views a music video has, the more likely it will appear as a promoted video. This attracts more people who are not necessarily in her fanbase already and allows more people to become her fans. Particularly through the product placement, which turns her video into a game where people spot the different brands, views and awareness are definitely achieved. Though product placement has a direct link to a profit motive, it also helps Gaga to develop a relationship with her fans. By promoting certain brands, she makes her fans more inclined to purchase them, as they feel that if they do they are better fans or similar to Gaga, because they consume and like the same products. Meanwhile, those companies as well as Gaga are further benefiting financially from it.
As well as that, her music videos are usually released on her website first rather than on the likes of MTV. She is further improving the relationship because she is showing her fans that she really cares about them, and is therefore rewarding their support with something tangible before the rest of the world.

There are again several implications from her marketing and promotion. Firstly, the idea of social media paving the way for a false relationship between idols and their fans has its own implication. The idea that an idol will reply to your tweets can be likened to a carrot analogy. The accessibility of social networking sites makes fans believe that one day their idol will notice them, if not today then tomorrow or the next day. This creates a false perception of the relationship fans have with Gaga. In the meantime, by using social networking sites they are freely promoting Gaga as a brand and as a product. Therefore it shows how Gaga is the one benefiting from the use of social networking financially, whereas the fans are being taken advantage of due to their free publicity for her. What used to be the job of management companies, and what they had to pay thousands for in the past, can now be done for free by her fans.

Additionally, social media fosters the idea that pop stars are working for their fans. This is because when artists leak things like album artwork or snippets of new songs, they automatically get feedback on social networking sites without directly asking for it and make changes accordingly. As a result, fans believe that their artists work to please them, and because they are so wrapped up in the idea of them they ignore the real purpose behind the changes, which is to increase sales and financial return for her record label and herself, leading to manipulation of the trust between Gaga and her fans. Other pop acts such as Justin Bieber and One Direction use them in similar ways. Furthermore, there are social worries attached to this use of social media.
There is a distortion in the idea that teenagers actually have this connection with their idols, where in fact they haven't. There then becomes a dependency on their idols, with some fans even going as far as saying "Gaga saved my life" or making similar claims. This is an issue due to the impact this could have on them if their idol were no longer in the industry.

Besides other artists utilising social media for promotion and marketing of themselves, businesses have also followed Gaga in this way. Large businesses in New Zealand, from banks such as ASB with 6300 followers to Vodafone with over 23 and a half thousand followers, are beginning to capitalise on the use of social media for business also. E-commerce has become a huge part of business, and more and more companies are aiming to create a relationship with their audience and target markets through these social media outlets in the effort to become more relatable and ultimately earn more sales from it. An issue becomes prominent as society becomes over-exposed to commercialisation and it becomes less about the product itself; how it's sold to us sways whether we purchase it or not.

Music videos also have their own implications. As said in an article by Jezebel.com, "If anything, the video simply amplifies what music videos have been all along: a giant commercial for an artist to sell records with", and this is more than true with Gaga, but as well as selling music, music videos are also helping her sell concert tickets. Concerts are where the majority of the money is made in the modern industry due to the increase in piracy. Consequently, her music videos become promotion for her concerts and actively act as a preview of what you can expect from her concert. An example would be the costume changes throughout her video for Telephone. She changes from a telephone headpiece to a leopard print leotard.
The multiple costume changes not only put into practice what she preaches but also become a preview of what fans can expect from her concerts, which is excessive costume changes. This ultimately shows how the more physical products music artists make, the more they are just trying to increase their sales of other things in an effort to earn more money from their fans. The same conclusion could be drawn about the latest trend of lyric videos for singles, which could just be an encouragement for fans to purchase something else to increase the commercial success of artists and their labels. This raises a more significant implication: more and more mediums are being created for fans to buy into, and impulsive buying by fans is further increasing the profits made from Gaga as a brand. Fans tend to buy merchandise and anything with their idols on it in an effort to prove they are the biggest fans and, again like music, these are tangible things which artists sell and which no doubt contributed to Gaga's $90 million dollar profit last year (according to Forbes).
Friday, January 10, 2020
Phishing Attack
CHAPTER 1 INTRODUCTION

In the field of computer security, Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. A Phishing message is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes. There are many variations on this scheme. It is possible to Phish for other information in addition to usernames and passwords, such as credit card numbers, bank account numbers, social security numbers and mothers' maiden names. Phishing presents direct risks through the use of stolen credentials and indirect risk to institutions that conduct business online through erosion of customer confidence. The damage caused by Phishing ranges from denial of access to e-mail to substantial financial loss.

Fig 1.1 The simplified flow of information in a Phishing attack

1. A deceptive message is sent from the Phishers to the user.
2. A user provides confidential information to a Phishing server (normally after some interaction with the server).
3. The Phishers obtain the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The Phishers obtain illicit monetary gain.

Steps 3 and 5 are of interest primarily to law enforcement personnel to identify and prosecute Phishers. The discussion of technology countermeasures will center on ways to disrupt steps 1, 2 and 4, as well as related technologies outside the information flow proper.

CHAPTER 2 PHISHING TECHNIQUES

Phishers use a wide variety of techniques, with one common thread.

LINK MANIPULATION

Most methods of Phishing use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by Phishers. In the following example, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. Phishing) section of the example website. An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password. For example, http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com, using a username of www.google.com: the page opens normally, regardless of the username supplied.

FILTER EVASION

Phishers have used images instead of text to make it harder for anti-Phishing filters to detect text commonly used in Phishing e-mails.

WEBSITE FORGERY

Once a victim visits the Phishing website the deception is not over. Some Phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.

Fig 2.1 A website which does not show the real address bar

PHONE PHISHING

Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the Phishers) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice Phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.

Fig 2.2 How a Phishing attack can take place

CHAPTER 3 REASONS OF PHISHING

Let's consider some of the reasons people fall victim to Phishing scams.

TRUST OF AUTHORITY

When a Phishing email arrives marked as "High Priority" and threatens to close our bank account unless we update our data immediately, it engages the same authority response mechanisms that we've obeyed for millennia.
In our modern culture, the old markers of authority (physical strength, aggressiveness, ruthlessness) have largely given way to signs of economic power. "He's richer than I am, so he must be a better man". If you equate market capitalization with GDP then Bank of America is the 28th most powerful country in the world. If you receive a personal email purporting to come from BOA questioning the validity of your account data, you will have a strong compulsion to respond, and respond quickly.

TEXTUAL AND GRAPHIC PRESENTATION LACKS TRADITIONAL CLUES OF VALIDITY

Most people feel that they can tell an honest man by looking him in the eye. You can spot a "professional" panhandler before he gets to the fourth word in his spiel. Without clues from the verbal and physical realms, our ability to determine the validity of business transactions is diminished. This is a cornerstone of the direct mail advertising business. If a piece of mail resembles some type of official correspondence, you are much more likely to open it. Car dealers send sales flyers in manila envelopes stamped "Official Business" that look like the envelopes tax refund checks are mailed in. Banks send credit card offers in large cardboard envelopes that are almost indistinguishable from FedEx overnight packages. Political advertisements are adorned with all manner of patriotic symbols to help us link the candidate with our nationalistic feelings.

E-MAIL AND WEB PAGES CAN LOOK REAL

The use of symbols laden with familiarity and repute lends legitimacy (or the illusion of legitimacy) to information, whether accurate or fraudulent, that is placed on the imitating page. Deception is possible because the symbols that represent a trusted company are no more 'real' than the symbols that are reproduced for a fictitious company. Certain elements of dynamic web content can be difficult to copy directly but are often easy enough to fake, especially when 100% accuracy is not required.
Email messages are usually easier to replicate than web pages since their elements are predominantly text or static HTML and associated images. Hyperlinks are easily subverted since the visible text of the link does not have to match the URL that your click will actually send your browser to. The link can look like http://bankofamerica.com/login but the URL could actually link to http://bankofcrime.com/got_your_login

CHAPTER 4 ANTI PHISHING TECHNIQUES

To counter the phishing threat, a number of anti-phishing solutions have been proposed, both by industry and by the academic world. The anti-phishing techniques can in general be divided into three categories:

1. Spam filters
2. Anti-phishing toolbars
3. Password protection mechanisms

Spam Filters

A class of anti-phishing approaches aims to solve the phishing problem at the email level. The key idea is that when a phishing email does not reach its victims, they cannot fall for the scam. Hence, filters and content analysis techniques are often used to attempt to identify phishing emails before these emails are delivered to users. Clearly, this line of research is closely related to anti-spam research [10]. By continuously training filters (e.g., Bayesian filters), a large number of phishing emails can be blocked. This is because such emails often contain words that may be identified as suspicious tokens that do not frequently occur in legitimate emails (e.g., "update", "login", etc.). The main disadvantage of anti-spam techniques is that their success depends on the availability of these filters and their proper training. That is, when the user does not actively help in training the filter, the filter typically does not perform as expected. Furthermore, even when filters are trained well and a user rarely receives any spam or phishing emails, once a phishing email bypasses the filter, the user's belief in the legitimacy of this mail is strengthened.
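A content-analysis filter can also test each link for the tricks described earlier: a brand name used as a subdomain, the '@' userinfo form, and visible link text that names a different site than the href. The following is an added example, not code from the original essay; the protected-domain list, the sample message and the "last two labels" rule for the registrable domain are assumptions made for illustration (a production filter would use the Public Suffix List).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed list of domains this filter protects (assumption for the example).
PROTECTED = {"yourbank.com", "google.com", "bankofamerica.com"}

# Matches visible link text that itself looks like a host name or URL.
HOST_IN_TEXT = re.compile(
    r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)


def registrable(host):
    """Simplification: last two labels. Real filters need the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(href, text=""):
    """Return the set of findings for one link (href plus its visible text)."""
    try:
        parts = urlsplit(href)
        host = parts.hostname or ""
        userinfo = parts.username
    except ValueError:
        return {"unparseable-url"}
    if not host:
        return set()  # relative link, mailto:, and so on
    findings = set()
    site = registrable(host)

    # 1. The '@' form: everything before '@' is a username, not the site.
    if userinfo is not None:
        findings.add("userinfo-in-url")

    # 2. A protected brand name appears as a subdomain label of another site.
    subdomain_labels = set(host.lower().split(".")[:-2])
    for brand in PROTECTED:
        if site != brand and brand.split(".")[0] in subdomain_labels:
            findings.add("brand-in-subdomain")

    # 3. The visible text names one site while the href goes to another.
    shown = HOST_IN_TEXT.match(text.strip())
    if shown and registrable(shown.group(1)) != site:
        findings.add("text-href-mismatch")
    return findings


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_html(body):
    """Return (href, text, findings) for each link in an HTML mail body."""
    collector = LinkCollector()
    collector.feed(body)
    return [(h, t, check_link(h, t)) for h, t in collector.links]


# Constructed sample message that reuses the URLs quoted in the essay.
SAMPLE_EMAIL = """
<p>Your account will be closed unless you verify it:</p>
<a href="http://bankofcrime.com/got_your_login">http://bankofamerica.com/login</a>
<a href="http://www.yourbank.example.com/">Update your details</a>
<a href="http://www.google.com@members.tripod.com/">Search</a>
<a href="https://www.bankofamerica.com/help">bankofamerica.com</a>
"""

if __name__ == "__main__":
    for href, text, findings in scan_html(SAMPLE_EMAIL):
        print(f"{href!r:55} {sorted(findings) or 'ok'}")
```

A link with an empty finding set is not proven safe; these checks only catch the three deceptions named in the text and say nothing about misspelled look-alike domains.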
Anti-Phishing Toolbars

To identify a page as a phishing site, there are a variety of methods that can be used, such as white lists (lists of known safe sites), blacklists (lists of known fraudulent sites), various heuristics to see if a URL is similar to a well-known URL, and community ratings. The toolbars examined here employ different combinations of these methods. By using publicly available information provided on the toolbar download web sites as well as observations from using each toolbar, we get a basic understanding of how each toolbar functions. Some of the toolbars that are used for anti-phishing are:

1) eBay Toolbar
The eBay Toolbar uses a combination of heuristics and blacklists. The toolbar also gives users the ability to report phishing sites, which will then be verified before being blacklisted.

2) GeoTrust TrustWatch Toolbar
GeoTrust's web site provides no information about how TrustWatch determines if a site is fraudulent; however, it is suspected that the company compiles a blacklist that includes sites reported by users through a button provided on the toolbar.

3) Google Safe Browsing
Google provides the source code for the Safe Browsing feature and says that it checks URLs against a blacklist.

4) McAfee SiteAdvisor
SiteAdvisor claims to detect not just phishing websites, but any sites that send spam, offer downloads containing spyware, or engage in other similar bad practices. The determination is made by a combination of automated heuristics and manual verification.

5) Microsoft Phishing Filter in Windows Internet Explorer
This toolbar largely relies on a blacklist hosted by Microsoft. However, it also uses some heuristics when it encounters a site that is not in the blacklist.
Users also have the option of using this feature to report suspected phishing sites.

6) Netcraft Anti-Phishing Toolbar
The Netcraft toolbar also uses a blacklist, which consists of fraudulent sites identified by Netcraft as well as sites submitted by users and verified by the company. The toolbar also displays a risk rating between one and ten as well as the hosting location of the site.

Fig 4.1 Netcraft Anti-Phishing Toolbar

7) Netscape Browser 8.1
It appears that the functionality of Netscape Browser relies solely on a blacklist, which is maintained by AOL and updated frequently. When a suspected phishing site is encountered, the user is redirected to a built-in warning page. Users are shown the original URL and are asked whether or not they would like to proceed.

8) Spoofguard
Spoofguard does not use white lists or blacklists. Instead, the toolbar employs a series of heuristics to identify phishing pages.

9) AntiPhish
AntiPhish is an academic solution which keeps track of where sensitive information is being submitted to.

10) Dynamic security skins
Dynamic security skins is also an academic solution, which allows a remote server to prove its identity in a way that is easy for humans to verify.

Most of the tools that were tested used blacklists, but only half of them were able to identify the majority of phishing web sites. We don't know the size of the blacklists used by each toolbar, nor do we know what heuristics are used by any of the toolbars other than Spoofguard. We suspect that the toolbars that performed best use larger and more frequently updated blacklists. They may also use heuristics that allow them to detect phishing sites that haven't yet been put on the blacklist. The only toolbar known to make no use of blacklists was Spoofguard. While it was able to identify the majority of phishing sites using only heuristics, it still missed some phishing sites and it had a very high false positive rate.
Spoofguard could potentially be improved through the use of a whitelist, which would prevent the problems that occurred when phishing sites were visited before their corresponding legitimate sites. The whitelist would not necessarily need to be extremely large or updated frequently to be effective.

Password Protection Mechanism

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. The password should be kept secret from those who are not allowed access. So, the major concern for any user is to safeguard his/her password. The password can be cracked with attacks such as a guessing attack, brute-force attack, dictionary attack, Phishing attack, etc. Another problem regarding passwords is the single password problem, where the user uses a single password for both vulnerable sites and financial sites. Hackers can break into the vulnerable sites that simply store the username and password, and apply the retrieved combinations of username and password on high security sites such as banking sites. All these problems can be solved at a single stroke by hashing the master password, using the domain name as key, on the client side. Some of the applications/tools that use this powerful technique are:

1) Password Composer
This extension [25] puts a tiny red icon to the left of a password entry field. If one clicks on this icon, the password field is overlaid with a replacement input, where one can supply a single, secure password (Master Password).

2) Magic Password Generator
This extension combines the master password and the domain name of the site to make another unique password for that site. For advanced users, with a catchall address at a domain, just put "@example.com" (whatever one's domain is) for the address, and MPWGen will make a different email for every site too.
Alternately, use "[email protected]…" and the value will be inserted after the + sign, for email accounts that support this feature, like gmail.

3) Password Generator
Password Generator gets the hostname from the page's URL and mixes it together with one's personal master password using a little cryptographic magic, MD5. It always gets the same result if given that hostname and master password, but will never get that result if either changes.

4) Hashapass
Hashapass automatically generates strong passwords from a master password and a parameter like a domain name. The password generation is performed inside the browser window itself, in JavaScript.

5) GenPass
GenPass is a JavaScript/MD5 bookmarklet-based password generator. GenPass is no longer being updated. Presently consider using SuperGenPass; however, note that SuperGenPass is not compatible with GenPass: given the same input, they generate different passwords.

6) Password Hasher
When the master key is given to Password Hasher, it enters the hash word into the site's password field. A hash word is the result of scrambling the master key with a site tag. Click on a # marker next to a password field, press the Control-F6 key combination when in a password field, or choose Password Hasher from either the Tools menu or the right-click popup menu on a password field to enter the master key.

7) Pwdhash
Pwdhash is a browser extension that transparently converts a user's password into a domain-specific password. The user can activate this hashing by choosing passwords that start with a special prefix (@@) or by pressing a special password key (F2). Pwdhash automatically replaces the contents of these password fields with a one-way hash of the pair (password, domain-name).

Based on features like application type, hashing algorithm, security, password strength, spoof proofing, visibility to the webpage, visibility to the user, etc., Pwdhash is the best among the above mentioned applications.
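The domain-bound password idea shared by the tools above, as an added example that is not the code of any listed tool: the site password is derived from the master password and the domain the browser is actually on, so a look-alike host receives a value that is useless at the real site. PBKDF2-HMAC-SHA256 with the domain as salt is swapped in here for the MD5 mixing the essay mentions; the iteration count, output length, sample master passwords and the "last two labels" domain rule are assumptions for illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 100_000   # assumption: slows offline guessing of the master password
LENGTH = 16            # assumption: characters kept for the site password


def site_key(url):
    """Domain the password is bound to, taken from the URL actually visited.

    Simplification: last two host labels. A real tool needs the Public Suffix List.
    """
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def site_password(master, url):
    """Derive a per-site password from the master password and the site's domain."""
    domain = site_key(url)
    if not domain:
        raise ValueError("URL has no host to bind the password to")
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),      # the secret the user remembers
        domain.encode("utf-8"),      # the domain acts as the per-site salt
        ITERATIONS,
        dklen=32,
    )
    return base64.urlsafe_b64encode(raw).decode("ascii")[:LENGTH]


def phished_value_is_useless(master, real_url, phishing_url):
    """True when what the look-alike page receives differs from the real password."""
    return site_password(master, phishing_url) != site_password(master, real_url)


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample value
    real = "https://www.yourbank.com/login"
    fake = "http://www.yourbank.example.com/"  # subdomain trick from the essay
    print("bound to (real):", site_key(real))
    print("bound to (fake):", site_key(fake))
    print("real site gets :", site_password(master, real))
    print("fake site gets :", site_password(master, fake))
    print("phished value useless at real site:",
          phished_value_is_useless(master, real, fake))
```

The same derivation addresses the single password problem: a password database stolen from one site contains only that site's derived value, not the master password and not the value used at the bank.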
Pwdhash does, however, have some disadvantages:

a) Invisible to user - Password hashing done by Pwdhash is invisible to the user. If the extension stops working, the user will not know about it, i.e., passwords will not be hashed.
b) Visibility of activation to webpage - The webpage is notified when Pwdhash is activated. This makes Pwdhash vulnerable to JavaScript attacks, so a webpage can make some effort to learn the original master password.
c) Password availability as plain text - The master password is filled directly into the password field provided by the webpage, i.e., the password is available in plain text.
d) Easily spoofable - As activation is visible to the webpage, by using Alex's corner method it is very easy for a fake webpage to learn the user's master password.
e) Effect on others / affecting the webpage - Pwdhash has some side effects on websites. Any JavaScript attached to password fields will not work properly. For example, the keyPress event will not work properly.
f) Not secure - Finally, Pwdhash does not look very secure.

CHAPTER 5 ANTI-PHISHING

There are several different techniques to combat Phishing, including legislation and technology created specifically to protect against Phishing.

SOCIAL RESPONSES

One strategy for combating Phishing is to train people to recognize Phishing attempts, and to deal with them. Education can be effective, especially where training provides direct feedback. One newer Phishing tactic, which uses Phishing e-mails targeted at a specific company, known as Spear Phishing, has been harnessed to train individuals at various locations. People can take steps to avoid Phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by Phishers), it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate.
Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected Phishing message. Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to Phishers. Some companies, for example PayPal, always address their customers by their username in e-mails, so if an e-mail addresses the recipient in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at Phishing. E-mails from banks and credit card companies often include partial account numbers. However, recent research has shown that the public do not typically distinguish between the first few digits and the last few digits of an account number, a significant problem since the first few digits are often the same for all clients of a financial institution. People can be trained to have their suspicion aroused if the message does not contain any specific personal information. Phishing attempts in early 2006, however, used personalized information, which makes it unsafe to assume that the presence of personal information alone guarantees that a message is legitimate. Furthermore, another recent study concluded in part that the presence of personal information does not significantly affect the success rate of Phishing attacks, which suggests that most people do not pay attention to such details. The Anti-Phishing Working Group, an industry and law enforcement association, has suggested that conventional Phishing techniques could become obsolete in the future as people become increasingly aware of the social engineering techniques used by Phishers. They predict that Pharming and other uses of malware will become more common tools for stealing information.
TECHNICAL RESPONSES

Anti-Phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. The following are some of the main approaches to the problem.

Helping to identify legitimate sites

Most Phishing websites are secure websites, meaning that SSL with strong cryptography is used for server authentication, where the website's URL is used as identifier. The problem is that users often do not know or recognize the URL of the legitimate sites they intend to connect to, so that the authentication becomes meaningless. A condition for meaningful server authentication is to have a server identifier that is meaningful to the user. Simply displaying the domain name for the visited website, as some anti-Phishing toolbars do, is not sufficient. A better approach is the pet name extension for Firefox, which lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is not recognized, then the software may either warn the user or block the site outright. This represents user-centric identity management of server identities. Some suggest that a graphical image selected by the user is better than a pet name.

Browsers alerting users to fraudulent websites

Another popular approach to fighting Phishing is to maintain a list of known Phishing sites and to check websites against the list. Microsoft's IE7 browser, Mozilla Firefox 2.0, and Opera all contain this type of anti-Phishing measure. Firefox 2 uses Google anti-Phishing software. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy. To mitigate the problem of Phishing sites impersonating a victim site by embedding its images (such as logos), several site owners have altered the images to send a message to the visitor that a site may be fraudulent.
The image may be moved to a new filename and the original permanently replaced, or a server can detect that the image was not requested as part of normal browsing, and instead send a warning image.

Augmenting password logins

The Bank of America's website is one of several that ask users to select a personal image, and display this user-selected image with any forms that request a password. Users of the bank's online services are instructed to enter a password only when they see the image they selected. However, a recent study suggests few users refrain from entering their password when images are absent. In addition, this feature (like other forms of two-factor authentication) is susceptible to other attacks. Security skins are a related technique that involves overlaying a user-selected image onto the login form as a visual cue that the form is legitimate. Unlike the website-based image schemes, however, the image itself is shared only between the user and the browser, and not between the user and the website. The scheme also relies on a mutual authentication protocol, which makes it less vulnerable to attacks that affect user-only authentication schemes.

Eliminating Phishing mail

Specialized spam filters can reduce the number of Phishing e-mails that reach their addressees' inboxes. These approaches rely on machine learning and natural language processing to classify Phishing e-mails.

Monitoring and takedown

Several companies offer banks and other organizations likely to suffer from Phishing scams round-the-clock services to monitor, analyze and assist in shutting down Phishing websites. Individuals can contribute by reporting Phishing to both volunteer and industry groups, such as PhishTank.

LEGAL RESPONSES

On January 26, 2004, the U.S. Federal Trade Commission filed the first lawsuit against a suspected Phisher.
The defendant, a Californian teenager, allegedly created a webpage designed to look like the America Online website, and used it to steal credit card information. In the United States, Senator Patrick Leahy introduced the Anti-Phishing Act of 2005. Companies have also joined the effort to crack down on Phishing.

CHAPTER 6 HOW ANTI-PHISHING SOFTWARE WORKS

Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites and e-mail. It is often integrated with web browsers and email clients as a toolbar that displays the real domain name for the website the viewer is visiting, in an attempt to prevent fraudulent websites from masquerading as other legitimate web sites. Anti-phishing functionality may also be included as a built-in capability of some web browsers. Common phishing tactics take advantage of a visitor by requesting them to link out to another site, asking that they enter personal information and passwords, or redirecting them to another site completely for registration. The process usually begins by sending out a forged e-mail that looks like it was sent from the company. Some tactics include saying an account has expired and needs to be updated, or has experienced unauthorized use and needs to be verified. Many banking and financial institutions become targets for these types of scams, and they can be a considerable threat to millions of account holders and users. Many leading web browsers and software programs have realized the impact of this trend, and have created programs that can limit the frequency of these types of scams. Microsoft Windows Internet Explorer 7, Firefox 2.0, Google Safe Browsing, and Earthlink ScamBlocker are just a few programs that have reduced the risks involved. In Firefox 2.0, Phishing Protection is always turned on and checks the sites automatically for any potential risks or hazards.
The list is reviewed on a regular basis, and can be configured in the Firefox Security settings for maximum control. When Phishing Protection is enabled, the sites are downloaded into a list and checked for any anti-phishing services. A warning sign will appear if any suspicious activity is detected. The Netcraft toolbar makes use of a risk rating system, allowing you the option of entering a password (or not). TrustWatch makes the Internet Explorer toolbar, and can help validate a Web site and provide a site report when needed. This option also allows you to review all suspected sites and find out which ones use SSL technology. Earthlink Toolbar with ScamBlocker will verify any popup messages that you may encounter as you visit a site, and can help you find out all the details on current phishing scams. Anti-phishing software is designed to track websites and monitor activity; any suspicious behaviour can be automatically reported, and even reviewed as a report after a period of time. Anti-phishing toolbars can help protect your privacy and reduce the risk of landing at a false or insecure URL. Although some people have concerns over how valuable anti-phishing software and toolbars may be, security threats can be reduced considerably when they are managed by the browser program. Other companies that are trained in computer security are investigating other ways to report phishing issues; programs are being designed that can analyze web addresses for fraudulent behavior through new tactics, and cross-check domain names for validity.

The best and most widely used anti-phishing software is the Netcraft Anti-Phishing Toolbar. Netcraft is an Internet services company located in the United Kingdom and is devoted to tracking online technology. Additionally, Netcraft has actively taken up the role of patrolling cyberspace to sniff out phishing emails.
The anti-phishing toolbar from Netcraft not only protects you and your savings from phishing attacks but also lets you check the hosting location and Risk Rating of every site you visit. Once you download and install the toolbar, you join a giant neighbourhood watch scheme whose most alert and most expert members defend everyone in the community against phishing frauds. This anti-phishing group working to protect you is one of the finest ways to fight phishing. The toolbar can be downloaded from the internet.

Fig 6.1 Downloading Netcraft anti-phishing tool bar

CHAPTER 7 ADVANTAGES AND DISADVANTAGES OF USING ANTI-PHISHING

Advantages

• Protects your savings from Phishing attacks.
• When a Phishing website or phishing email appears, it informs the user.
• Some anti-phishing software also allows you to see the hosting location and Risk Rating of every site you visit.
• Anti-phishing software is designed to track websites and monitor activity; any suspicious behavior can be automatically reported and even reviewed as a report after a period of time.

Disadvantages

• No single technology will completely stop phishing, so Phishing attacks cannot be completely stopped.
• Even anti-phishing software has to be upgraded to keep up with Phishing attacks.

CHAPTER 8 FEW SNAPSHOTS OF PHISHING WEBSITES

Fig 8.1 Phishing Peoples Bank Web site

Fig 8.2 Phishing US Bank Web site

CONCLUSION

No single technology will completely stop phishing. However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it. In particular: High-value targets should follow best practices and keep in touch with the continuing evolution of them.
Phishing attacks can be detected rapidly through a combination of customer reportage, bounce monitoring, image use monitoring, honeypots and other techniques. Email authentication technologies such as Sender-ID and cryptographic signing, when widely deployed, have the potential to prevent phishing emails from reaching users. Analysis of imagery is a promising area of future research to identify phishing emails. Personally identifiable information should be included in all email communications. Systems allowing the user to enter or select customized text and/or imagery are particularly promising. Browser security upgrades, such as distinctive display of potentially deceptive content and providing a warning when a potentially unsafe link is selected, could substantially reduce the efficacy of phishing attacks. Anti-phishing toolbars are promising tools for identifying phishing sites and heightening security when a potential phishing site is detected. Detection of outgoing confidential information, including password hashing, is a promising area of future work, with some technical challenges.

BIBLIOGRAPHY

[1] http://en.wikipedia.org/
[2] http://webopedia.com/
[3] http://computerworld.com/
[4] http://www.anti-phishing.info/
[5] http://lorrie.cranor.org/
Thursday, January 2, 2020