Pollinators
play a crucial role in the production of food crops. While many crops
are open pollinated, meaning they don’t require pollinators to produce
the crop, numerous crops benefit from them. Crops that require
pollinators include fruits and vegetables (e.g., apples, beans, cantaloupe,
cucumbers, grapes, strawberries) and field crops like alfalfa, almonds,
clover, flax and mustard. A 2009 estimate placed
a value of up to US$29 billion annually on the contribution of
pollinators for American farm incomes. Given the important role and
value of pollinators, ensuring their health is of great importance,
which is why studies reporting harmful effects on pollinator populations
are important.
Over the past decade, mainstream and social media have carried
many stories and posts about threats to bee populations. Environmental
non-governmental organizations (ENGOs) use these stories to put
political pressure on politicians and policy makers to enact new
legislation to better protect bees. Much of this pressure was targeted
at getting agricultural chemical restrictions and bans implemented. The
ENGO pressure proved effective as between 2010 and 2015, numerous
countries either banned or dramatically restricted the use of some
chemicals that play significant roles in agriculture, especially neonicotinoids.
Neonicotinoids provide plants with protection from insects that damage
crops. Many of these bans and restrictions occurred in Europe, resulting
in farmers losing access to these chemicals. Oilseed rape production in
the UK dropped from 1.8 million acres in 2012 to 1 million in 2020. Neonicotinoid bans in France resulted in substantial sugar beet losses of up to 50% by 2020, and the bans on neonicotinoid use were rescinded.
The question arising from policies that restrict or ban chemicals
is whether these should be based solely on laboratory experiments, with
little or limited field study evidence. That’s because lab studies
aren’t the best representation of field conditions bees encounter. In
the field bees:
choose which plants to pollinate and how much/often they do so;
are exposed to bacteria, viruses, parasites and predators that negatively impact their health; and
have complete freedom to move about fields (some go feral).
These are just a few of the factors that laboratory experiments don’t
contemplate when bees are exposed to neonics in typically controlled
settings. Field experiments are expensive to undertake, and comprehensive protocols to do them have
only recently begun to be discussed. But they need to be part of policy
designs, especially when these could negatively impact food security.
The US House Agriculture Committee recognized that colony collapse
disorder (CCD) posed a potential threat to food security and held hearings
to investigate CCD in honeybee colonies across the US, and the United
Nations Environment Program published a report on the importance of bees
to modern agriculture, highlighting the threats
they face. At the time CCD was first being reported, experts debated
whether it was caused by any of the myriad of pesticides and
metabolites, bacteria, fungi, parasites, viruses or any combinations
thereof that were present in symptomatic colonies. Research quantified
and explored 61 variables that could potentially be the cause, but
failed to identify a single factor with enough consistency to suggest
it was responsible for the losses. In the absence of sufficient rigorous
data on the health of domesticated honeybees, and even fewer on wild
pollinator populations, other experts questioned
whether reported losses were a new phenomenon at all. The absence of
historical data meant it wasn’t possible to adequately measure the bee
losses experienced in 2006-07 when CCD. The nature and severity of the
losses was ultimately built on the perceptions of experienced
beekeepers.
Research into the potential effects of neonicotinoids on honeybees
increased in 2006, following the initial wave of CCD reports. Much of
the research focused on the impacts of imidacloprid on honeybees, even
though there are 7 neonicotinoid insecticides available and over 18,000
bee species. Suspicion that neonicotinoids were responsible for the
perceived decline of pollinators resulted in governments in Ontario, France, the United Kingdom and Germany enacting restrictions and complete bans on these chemicals.
Contrary to media perceptions, from 1961 to 2019 managed honeybee
colonies increased by 83% worldwide. While managed colonies are not the
most suitable metric with which to assess honeybee populations, the lack
of data prevents the use of more adequate metrics.
Worldwide number of honeybee colonies
There is a growing body of literature reporting on the effects of neonicotinoids on bees, including Chensheng et al., 2014, Faucon et al., 2005, Johnson et al., 2010, Shi et al., 2017 and Wu-Smart & Spivak, 2016.
These effects need to be taken into account when regulatory agencies
are approving pesticides for agricultural use, especially as many of the
publications are solely based on laboratory experiments and fail to
represent chemical exposures in field settings. Woodcock et al. (2017) show
that while neonicotinoids may have negative effects on bees, these
effects are not uniform across countries. Moreover, screening primary
field studies for this meta-analysis revealed the wide-ranging
methodologies researchers use to assess the impact of neonicotinoids on
bees. The developmental stage of bees, plot topography and size,
duration of experiment, nearby crops and plants, bee genetics, age of
queens as well as the country of their origin, all differ among studies,
making it difficult to combine their results.
Searching for field evidence of neonicotinoids impacts on bees
To be included in the meta-analysis dataset, an experiment was required to:
be peer reviewed;
report results of an experiment in which there was a treatment and control group;
measure survival or mortality;
explicitly report sample size and some measure of statistical
dispersion that could be used to calculate the magnitude of the effect
being studied;
satisfy the rule n_t + n_c > 2, where n_t is the sample size of the treatment group and n_c is the sample size of the control group; and
be written in English.
To incorporate as many articles as possible, no distinction was made between bee genera.
The figure depicts the screening process followed to reach the number
of studies that fully complied with the inclusion criteria detailed
above. The literature search yielded 625 initial results. After removing
duplicates, irrelevant abstracts and studies not assessing bee survival
or mortality, a total of 128 papers were fully considered for
inclusion. Upon scrutinizing these papers, a further 119 papers did not
fully comply with the inclusion criteria laid out above and were not
incorporated into the meta-analysis.
Analysis flow diagram
Hedges’ d, the magnitude of the effect, was computed for every
study included in this meta-analysis. Effect sizes were calculated using
the Practical Meta-Analysis Effect Size Calculator. Data to calculate
these were obtained from sample sizes and any measures of dispersion
found in journal article sections that included: methodology, material
sections, tables, or graphs. If an experiment reported the impact of
multiple agents under study, on an equal number of bee species, Hedges’ d was
calculated for each instance and was considered a distinct data point.
To avoid issues of non-independence, if an experiment spanned months or
years or underwent many replications, only the final result reported was
incorporated into this meta-analysis. In total, 15 data points were
extracted from 9 field experiments.
Field evidence of neonicotinoids impacts on bees
The overall weighted-mean effect size (diamond shape) of field
studies assessing the impact of neonicotinoids on bee mortality is
-0.27, and the 95% confidence interval is -0.73 – 0.19. The
weighted-mean overlaps the vertical ‘line of no effect’, indicating no
difference in mortality between the groups exposed to neonicotinoids and
those that were not (control groups). By using a random-effects model
in this meta-analysis, an assumption that different studies estimate
different, but related, interventions was made. This can also be
intuitively understood, as studies did not employ the same methodology
with which to assess the lethality of neonicotinoids on bees, which
itself has been the subject of extensive debate among experts.
Meta-analysis forest plot
The harmful effects of neonicotinoid concentrations used in
laboratory-based studies, which were instrumental in the EU’s
neonicotinoid ban, aren’t observed when these same concentrations are
used in field-level studies. The results don’t deviate from those of
other comparable analyses. Blacquiere et al. (2012) undertook
a review on the effects of neonicotinoids on bees and found that many
of the lethal and sub-lethal effects neonicotinoids have on bees in
laboratory studies are absent in experiments with field-realistic
dosages. Cresswell (2011) undertook
a meta-analysis of 14 laboratory and semi-field experiments measuring
the effects of imidacloprid on honeybees and found that trace dietary
presence of imidacloprid has no lethal effects but does reduce honeybee
performance.
This is not a defense of neonicotinoids; it’s possible field
experiment protocols aren’t designed in ways that capture the true
effects of neonicotinoids. Publication bias, or the publication of
favorable outcomes, may also be affecting field studies. However, only a
small number of field experiments with comparable protocols were found,
partly because undertaking these experiments is logistically challenging
and financially expensive.
Summary
Neonicotinoids were suspected of being, if not the single causal
agent, definitely among the principal causing agents of CCD. Laboratory
experiment results were instrumental in the decision of numerous,
predominantly European governments to ban neonicotinoids from
agricultural application. However, these studies don’t provide a
thorough perspective of the situation, and nonetheless resulted in
economic losses in the hundreds of millions of dollars for farmers.
Knee-jerk policies like neonicotinoid bans result in significant
economic costs for farmers through reduced yields and consumers through
higher food prices, as there are few, if any, chemical pest control
alternatives. More field experiments with comparable protocols would
better inform policies about the impacts of neonics on bees in general,
and honeybees in particular.
Diego Macall has been involved with
the ongoing surveying of experts around the world to better understand
new genome editing techniques. Diego began his Ph.D. Programme in
Environmental Science and Technology, at the Universitat Autònoma de
Barcelona. Follow Diego on Twitter @Dmmagec
A version of this article was originally posted at SAIFood
and has been reposted here with permission. Any reposting should credit
the original author and provide links to both the GLP and the original
article. Find SAIFood on Twitter @SAIFood_blog
Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware.
Phishing attacks have become increasingly sophisticated and often
transparently mirror the site being targeted, allowing the attacker to
observe everything while the victim is navigating the site, and
traverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.
The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell, but may have been used earlier in the hacker magazine 2600. It is a variation of fishing and refers to the use of lures to "fish" for sensitive information.
Measures to prevent or reduce the impact of phishing attacks include legislation, user education, public awareness, and technical security measures.
The importance of phishing awareness has increased in both personal and
professional settings, with phishing attacks among businesses rising
from 72% to 86% from 2017 to 2020.
Types
Email phishing
Phishing attacks, often delivered via email spam,
attempt to trick individuals into giving away sensitive information or
login credentials. Most attacks are "bulk attacks" that are not targeted
and are instead sent in bulk to a wide audience.
The goal of the attacker can vary, with common targets including
financial institutions, email and cloud productivity providers, and
streaming services. The stolen information or access may be used to steal money, install malware, or spear phish others within the target organization. Compromised streaming service accounts may also be sold on darknet markets.
This type of social engineering
attack can involve sending fraudulent emails or messages that appear to be
from a trusted source, such as a bank or government agency. These
messages typically redirect to a fake login page where the user is
prompted to enter their login credentials.
Spear phishing
Spear phishing is a targeted phishing attack that uses personalized emails
to trick a specific individual or organization into believing they are
legitimate. It often utilizes personal information about the target to
increase the chances of success.
These attacks often target executives or those in financial departments
with access to sensitive financial data and services. Accountancy and
audit firms are particularly vulnerable to spear phishing due to the
value of the information their employees have access to.
A study on spear phishing susceptibility among different age
groups found that 43% of 100 young and 58 older users clicked on
simulated phishing links in daily emails over 21 days. Older women had
the highest susceptibility, while susceptibility in young users declined
over the study, but remained stable in older users.
Whaling and CEO fraud
Whaling attacks use spear phishing techniques to target senior executives and other high-profile individuals with customized content, often related to a subpoena or customer complaint.
CEO fraud involves sending fake emails from senior executives to trick employees into sending money to an offshore account. It has a low success rate, but can result in organizations losing large sums of money.
Clone phishing
Clone phishing is a type of attack where a legitimate email with an
attachment or link is copied and modified to contain malicious content.
The modified email is then sent from a fake address made to look like
it's from the original sender. The attack may appear to be a resend or
update of the original email. It often relies on the sender or recipient
being previously hacked so the attacker can access the legitimate
email.
Voice phishing
Voice over IP (VoIP) is used in vishing or voice phishing attacks, where attackers make automated phone calls to large numbers of people, often using text-to-speech
synthesizers, claiming fraudulent activity on their accounts. The
attackers spoof the calling phone number to appear as if it is coming
from a legitimate bank or institution. The victim is then prompted to
enter sensitive information or connected to a live person who uses social engineering tactics to obtain information. Vishing takes advantage of the public's lower awareness and trust in voice telephony compared to email phishing.
SMS phishing
SMS phishing or smishing is a type of phishing attack that uses text messages from a cell phone or smartphone to deliver a bait message. The victim is usually asked to click a link, call a phone number, or contact an email address provided by the attacker. They may then be asked to provide private information,
such as login credentials for other websites. The difficulty in
identifying illegitimate links can be compounded on mobile devices due
to the limited display of URLs in mobile browsers.
Smishing can be just as effective as email phishing, as many
smartphones have fast internet connectivity. Smishing messages may also
come from unusual phone numbers.
Page hijacking
Page hijacking involves redirecting users to malicious websites or exploit kits through the compromise of legitimate web pages, often using cross site scripting. Hackers may insert exploit kits such as MPack
into compromised websites to exploit legitimate users visiting the
server. Page hijacking can also involve the insertion of malicious inline frames, allowing exploit kits to load. This tactic is often used in conjunction with watering hole attacks on corporate targets.
Calendar phishing
Calendar phishing involves sending fake calendar invitations with
phishing links. These invitations often mimic common event requests and
can easily be added to calendars automatically. To protect against this form of fraud, former Google click fraud czar Shuman Ghosemajumder recommends changing calendar settings to not automatically add new invitations.
Techniques
Link manipulation
Phishing attacks often involve creating fake links that appear to be from a legitimate organization. These links may use misspelled URLs or subdomains to deceive the user. In the example URL http://www.yourbank.example.com/, it can appear to the untrained eye as though the URL will take the user to the example section of the yourbank website; in fact, this URL points to the "yourbank" section (i.e. a phishing subdomain) of the example
website (the fraudster's domain name). Another tactic is to make the
displayed text for a link appear trustworthy, while the actual link goes
to the phisher's site. To check the destination of a link, many email
clients and web browsers will show the URL in the status bar when the mouse is hovering over it. However, some phishers may be able to bypass this security measure.
Internationalized domain names (IDNs) can be exploited via IDN spoofing or homograph attacks
to allow attackers to create fake websites with visually identical
addresses to legitimate ones. These attacks have been used by phishers
to disguise malicious URLs using open URL redirectors on trusted websites. Even digital certificates, such as SSL,
may not protect against these attacks as phishers can purchase valid
certificates and alter content to mimic genuine websites or host
phishing sites without SSL.
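The checks a mail filter or analyst can run against the link tricks described above, as an added example that is not part of the original article: it flags a trusted brand used as a subdomain label of another domain, link text that names a different domain than the href, and IDN hosts with mixed-script labels. The trusted list, the finding names, the two-label registrable-domain rule and the sample HTML are assumptions made for the illustration.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

def registrable_domain(host):
    # Simplification (assumption): the last two labels. Production code should
    # use the Public Suffix List so names under e.g. co.uk are handled properly.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def to_unicode(host):
    # Decode xn-- (punycode) labels so the checks see what the user is shown.
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already non-ASCII, or not valid punycode

def scripts_in(label):
    # For letters, the first word of the Unicode character name is the script.
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def host_findings(host, trusted):
    findings = set()
    labels = to_unicode(host.lower()).split(".")
    brands = {t.split(".")[0] for t in trusted}
    # "yourbank" appears as a label, but the domain that is actually
    # registered (and controlled by someone) is not the bank's.
    if registrable_domain(host) not in trusted and brands & set(labels):
        findings.add("brand-label-on-foreign-domain")
    for label in labels:
        if not label.isascii():
            findings.add("idn-host")
            if len(scripts_in(label)) > 1:
                findings.add("mixed-script-label")
    return findings

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyze_links(html, trusted):
    collector = AnchorCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        findings = host_findings(host, trusted)
        shown = HOST_IN_TEXT.search(text)
        # The text displays one site while the href leads to another.
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            findings.add("text-href-mismatch")
        report.append((href, sorted(findings)))
    return report

# Constructed sample input. The third host replaces the Latin "a" in
# "yourbank" with Cyrillic U+0430 and is written in its xn-- form.
TRUSTED = {"yourbank.com"}
HOMOGRAPH = "yourb\u0430nk.com".encode("idna").decode("ascii")
SAMPLE = (
    '<p><a href="https://www.yourbank.com/login">Sign in</a></p>'
    '<p><a href="http://www.yourbank.example.com/">www.yourbank.com</a></p>'
    '<p><a href="http://%s/">Account</a></p>' % HOMOGRAPH
)

if __name__ == "__main__":
    for href, findings in analyze_links(SAMPLE, TRUSTED):
        print(href, findings or "no findings")
```

A label written entirely in one non-Latin script is reported only as idn-host, so whole-script lookalikes still need a confusables table or an allow-list decision.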
Filter evasion
Phishers
have sometimes used images instead of text to make it harder for
anti-phishing filters to detect the text commonly used in phishing
emails. In response, more sophisticated anti-phishing filters are able to recover hidden text in images using optical character recognition (OCR).
Social engineering
Phishing often uses social engineering
techniques to trick users into performing actions such as clicking a
link or opening an attachment, or revealing sensitive information. It
often involves pretending to be a trusted entity and creating a sense of
urgency, like threatening to close or seize a victim's bank or insurance account.
An alternative technique to impersonation-based phishing is the use of fake news articles to trick victims into clicking on a malicious link. These links often lead to fake websites that appear legitimate, but are actually run by attackers who may try to install malware or present fake "virus" notifications to the victim.
History
Early phishing techniques can be traced back to the 1990s, when black hat hackers and the warez community used AOL
to steal credit card information and commit other online crimes. The
term "phishing" is said to have been coined by Khan C. Smith, a
well-known spammer and hacker, and its first recorded mention was found in the hacking tool AOHell, which was released in 1995. AOHell allowed hackers to impersonate AOL staff and send instant messages to victims asking them to reveal their passwords. In response, AOL implemented measures to prevent phishing and eventually shut down the warez scene on their platform.
2000s
In the 2000s, phishing attacks became more organized and targeted. The first known direct attempt against a payment system, E-gold, occurred in June 2001, and shortly after the September 11 attacks, a "post-9/11 id check" phishing attack followed. The first known phishing attack against a retail bank was reported in September 2003.
Between May 2004 and May 2005, approximately 1.2 million computer users
in the United States suffered losses caused by phishing, totaling
approximately US$929 million.
Phishing was recognized as a fully organized part of the black market,
and specializations emerged on a global scale that provided phishing
software for payment, which were assembled and implemented into phishing
campaigns by organized gangs. The United Kingdom banking sector suffered from phishing attacks, with losses from web banking fraud almost doubling in 2005 compared to 2004.
In 2006, almost half of phishing thefts were committed by groups
operating through the Russian Business Network based in St. Petersburg. Email scams posing as the Internal Revenue Service were also used to steal sensitive data from U.S. taxpayers. Social networking sites are a prime target of phishing, since the personal details in such sites can be used in identity theft. In 2007, 3.6 million adults lost US$3.2 billion due to phishing attacks.
The Anti-Phishing Working Group reported receiving 115,370 phishing
email reports from consumers with US and China hosting more than 25% of
the phishing pages each in the third quarter of 2009.
2010s
Phishing in
the 2010s saw a significant increase in the number of attacks. In 2011,
the master keys for RSA SecurID security tokens were stolen through a
phishing attack.
Chinese phishing campaigns also targeted high-ranking officials in the
US and South Korean governments and military, as well as Chinese
political activists.
According to Ghosh, phishing attacks increased from 187,203 in 2010 to
445,004 in 2012. In August 2013, Outbrain suffered a spear-phishing
attack,
and in November 2013, 110 million customer and credit card records were
stolen from Target customers through a phished subcontractor account. The CEO and IT security staff were subsequently fired.
In August 2014, iCloud leaks of celebrity photos were based on phishing
e-mails sent to victims that looked like they came from Apple or
Google. In November 2014, phishing attacks on ICANN
gained administrative access to the Centralized Zone Data System, data
about users in the system, and access to ICANN's public
Governmental Advisory Committee wiki, blog, and whois information
portal. Fancy Bear was linked to spear-phishing attacks against the Pentagon email system in August 2015, and the group used a zero-day exploit of Java in a spear-phishing attack on the White House and NATO.
Fancy Bear carried out spear phishing attacks on email addresses
associated with the Democratic National Committee in the first quarter
of 2016. In August 2016, members of the Bundestag and political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union, and the CDU of Saarland were targeted by spear-phishing attacks suspected to be carried out by Fancy Bear. In August 2016, the World Anti-Doping Agency
reported the receipt of phishing emails sent to users of its database
claiming to be official WADA, but consistent with the Russian hacking
group Fancy Bear.
In 2017, 76% of organizations experienced phishing attacks, with nearly
half of the information security professionals surveyed reporting an
increase from 2016. In the first half of 2017, businesses and residents
of Qatar were hit with over 93,570 phishing events in a three-month
span.
In August 2017, customers of Amazon faced the Amazon Prime Day phishing
attack, when hackers sent out seemingly legitimate deals to customers
of Amazon. When Amazon's customers attempted to make purchases using the
"deals", the transaction would not be completed, prompting the
retailer's customers to input data that could be compromised and stolen.
In 2018, the company block.one, which developed the EOS.IO blockchain,
was attacked by a phishing group who sent phishing emails to all
customers aimed at intercepting the user's cryptocurrency wallet key,
and a later attack targeted airdrop tokens.
2020s
Phishing
attacks have evolved in the 2020s to include elements of social
engineering, as demonstrated by the July 15, 2020, Twitter breach. In
this case, a 17-year-old hacker and accomplices set up a fake website
resembling Twitter's internal VPN provider used by remote working
employees. Posing as helpdesk staff, they called multiple Twitter
employees, directing them to submit their credentials to the fake VPN
website.
Using the details supplied by the unsuspecting employees, they were
able to seize control of several high-profile user accounts, including
those of Barack Obama, Elon Musk, Joe Biden, and Apple Inc.'s company
account. The hackers then sent messages to Twitter followers soliciting
Bitcoin, promising to double the transaction value in return. The
hackers collected 12.86 BTC (about $117,000 at the time).
Anti-phishing
There are anti-phishing websites which publish exact messages that have been recently circulating the internet, such as FraudWatch International and Millersmiles. Such sites often provide specific details about the particular messages.
As recently as 2007, the adoption of anti-phishing strategies by
businesses needing to protect personal and financial information was
low.
Now there are several different techniques to combat phishing,
including legislation and technology created specifically to protect
against phishing. These techniques include steps that can be taken by
individuals, as well as by organizations. Phone, web site, and email
phishing can now be reported to authorities, as described below.
User training
Effective phishing education, including conceptual knowledge and feedback,
is an important part of any organization's anti-phishing strategy.
While there is limited data on the effectiveness of education in
reducing susceptibility to phishing, much information on the threat is available online.
Simulated phishing
campaigns, in which organizations test their employees' training by
sending fake phishing emails, are commonly used to assess their
effectiveness. One example is a study by the National Library of
Medicine, in which an organization received 858,200 emails during a
1-month testing period, with 139,400 (16%) being marketing and 18,871
(2%) being identified as potential threats. These campaigns are often
used in the healthcare industry, as healthcare data is a valuable target
for hackers. These campaigns are just one of the ways that
organizations are working to combat phishing.
To avoid phishing attempts, people can modify their browsing habits
and be cautious of emails claiming to be from a company asking to
"verify" an account. It's best to contact the company directly or
manually type in their website address rather than clicking on any hyperlinks in suspicious emails.
Nearly all legitimate e-mail messages from companies to their
customers contain an item of information that is not readily available
to phishers. Some companies, for example PayPal, always address their customers by their username in emails, so if an email addresses the recipient in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing.
Furthermore, PayPal offers various methods to determine spoof emails
and advises users to forward suspicious emails to its spoof@PayPal.com
address so it can investigate and warn other customers. However, it is unsafe to
assume that the presence of personal information alone guarantees that a
message is legitimate,
and some studies have shown that the presence of personal information
does not significantly affect the success rate of phishing attacks, which suggests that most people do not pay attention to such details.
Emails from banks and credit card companies often include partial account numbers, but research
has shown that people tend to not differentiate between the first and
last digits. This is an issue because the first few digits are often the
same for all clients of a financial institution.
The Anti-Phishing Working Group, one of the largest anti-phishing organizations in the world, produces regular reports on trends in phishing attacks.
Google posted a video demonstrating how to identify and protect yourself from phishing scams.
Technical approaches
A
wide range of technical approaches are available to prevent phishing
attacks reaching users or to prevent them from successfully capturing
sensitive information.
Filtering out phishing mail
Specialized spam filters
can reduce the number of phishing emails that reach their addressees'
inboxes. These filters use a number of techniques including machine learning and natural language processing approaches to classify phishing emails, and reject email with forged addresses.
Browsers alerting users to fraudulent websites
Another popular approach to fighting phishing is to maintain a list
of known phishing sites and to check websites against the list. One such
service is the Safe Browsing service. Web browsers such as Google Chrome, Internet Explorer 7, Mozilla Firefox 2.0, Safari 3.2, and Opera all contain this type of anti-phishing measure. Firefox 2 used Google anti-phishing software. Opera 9.1 uses live blacklists from Phishtank, cyscon and GeoTrust, as well as live whitelists
from GeoTrust. Some implementations of this approach send the visited
URLs to a central service to be checked, which has raised concerns about
privacy. According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.
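One way a list check can avoid sending every visited URL to a central service, shown as an added example that is not part of the original article and is not any browser's actual code: the client keeps only short hash prefixes of the listed entries and contacts the service solely when a prefix matches. The class names, the 4-byte prefix length, the simplified host-suffix/path-prefix expansion and the blocked entries are assumptions made for the illustration.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of each SHA-256 digest kept on the client (assumed)

def expressions(url):
    """Host-suffix/path-prefix combinations under which a URL may be listed."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").rstrip(".").split(".")
    # Full host, then parent domains down to two labels (IP literals not handled).
    hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    path = parts.path or "/"
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    prefix = "/"
    paths.append(prefix)
    for segment in path.split("/")[1:-1]:  # directory components only
        prefix += segment + "/"
        paths.append(prefix)
    paths = list(dict.fromkeys(paths))  # de-duplicate, keep order
    return [h + p for h in hosts for p in paths]

def digest(expression):
    return hashlib.sha256(expression.encode("utf-8")).digest()

class ListService:
    """Central service: holds the full hashes and records what clients reveal."""
    def __init__(self, blocked):
        self.full_hashes = {digest(e) for e in blocked}
        self.seen = []  # everything a client has ever disclosed to the service

    def prefix_list(self):
        return {h[:PREFIX_LEN] for h in self.full_hashes}

    def full_hashes_for(self, prefix):
        self.seen.append(prefix)  # a few bytes of a hash, never the URL
        return {h for h in self.full_hashes if h.startswith(prefix)}

class Client:
    """Browser side: answers most lookups from the local prefix set."""
    def __init__(self, service):
        self.service = service
        self.prefixes = service.prefix_list()  # would be refreshed periodically

    def check(self, url):
        for expression in expressions(url):
            h = digest(expression)
            if h[:PREFIX_LEN] not in self.prefixes:
                continue  # resolved locally, nothing leaves the machine
            # Prefix hit: confirm against the full hashes, since unrelated
            # expressions can share a short prefix.
            if h in self.service.full_hashes_for(h[:PREFIX_LEN]):
                return expression
        return None

BLOCKED = ["example.com/secure/", "phish.example.net/"]  # constructed entries

if __name__ == "__main__":
    service = ListService(BLOCKED)
    client = Client(service)
    for url in ("https://www.yourbank.com/login",
                "http://www.yourbank.example.com/secure/login.php?id=1"):
        print(url, "->", client.check(url) or "not listed")
    print("prefixes disclosed to the service:", [p.hex() for p in service.seen])
```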
An approach introduced in mid-2006 involves switching to a
special DNS service that filters out known phishing domains: this will
work with any browser, and is similar in principle to using a hosts file to block web adverts.
To mitigate the problem of phishing sites impersonating a victim
site by embedding its images (such as logos), several site owners have
altered the images to send a message to the visitor that a site may be
fraudulent. The image may be moved to a new filename and the original
permanently replaced, or a server can detect that the image was not
requested as part of normal browsing, and instead send a warning image.
Augmenting password logins
The Bank of America website is one of several that asks users to select a personal image (marketed as SiteKey)
and displays this user-selected image with any forms that request a
password. Users of the bank's online services are instructed to enter a
password only when they see the image they selected. However, several
studies suggest that few users refrain from entering their passwords
when images are absent. In addition, this feature (like other forms of two-factor authentication) is susceptible to other attacks, such as those suffered by Scandinavian bank Nordea in late 2005, and Citibank in 2006.
A similar system, in which an automatically generated "Identity
Cue" consisting of a colored word within a colored box is displayed to
each website user, is in use at other financial institutions.
Security skins
are a related technique that involves overlaying a user-selected image
onto the login form as a visual cue that the form is legitimate. Unlike
the website-based image schemes, however, the image itself is shared
only between the user and the browser, and not between the user and the
website. The scheme also relies on a mutual authentication protocol, which makes it less vulnerable to attacks that affect user-only authentication schemes.
Still another technique relies on a dynamic grid of images that
is different for each login attempt. The user must identify the pictures
that fit their pre-chosen categories (such as dogs, cars and flowers).
Only after they have correctly identified the pictures that fit their
categories are they allowed to enter their alphanumeric password to
complete the login. Unlike the static images used on the Bank of America
website, a dynamic image-based authentication method creates a one-time
passcode for the login, requires active participation from the user,
and is very difficult for a phishing website to correctly replicate
because it would need to display a different grid of randomly generated
images that includes the user's secret categories.
Monitoring and takedown
Several companies offer banks and other organizations likely to suffer from
phishing scams round-the-clock services to monitor, analyze and assist
in shutting down phishing websites.
Automated detection of phishing content is still below accepted levels
for direct action, with content-based analysis reaching between 80% and
90% success, so most of the tools include manual steps to certify the detection and authorize the response. Individuals can contribute by reporting phishing to both volunteer and industry groups, such as cyscon or PhishTank. Phishing web pages and emails can be reported to Google.
Transaction verification and signing
Solutions have also emerged using the mobile phone (smartphone) as a second channel for verification and authorization of banking transactions.
Multi-factor authentication
Organizations can implement two-factor or multi-factor authentication (MFA), which requires a user to use at least two factors when logging in (for example, a user must present both a smart card and a password).
This mitigates some risk: in the event of a successful phishing attack,
the stolen password on its own cannot be reused to further breach the
protected system. However, there are several attack methods which can
defeat many of the typical systems. MFA schemes such as WebAuthn address this issue by design.
Email content redaction
Organizations that prioritize security over convenience can require users of their
computers to use an email client that redacts URLs from email messages,
thus making it impossible for the reader of the email to click on a
link, or even copy a URL. While this may result in an inconvenience, it
does almost eliminate email phishing attacks.
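A sketch of the redaction step such a mail client or gateway could apply, as an added example that is not code from the original page. The sample message, the placeholder text and the function names are constructed for illustration, and the choice to flatten HTML parts to plain text is an assumption of this sketch.

```python
"""Strip every URL from the text parts of an email before it is displayed."""
import re
from email import message_from_bytes, policy
from html.parser import HTMLParser

PLACEHOLDER = "[link removed]"
# Anything with a scheme, plus bare "www." hosts. Hostnames written without
# either are not matched by this sketch.
URL_RE = re.compile(r"(?i)\b(?:[a-z][a-z0-9+.-]*://|www\.)[^\s<>\"']+")


class _TextOnly(HTMLParser):
    """Keep visible text only, so every href/src/action attribute is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []
        self._skip = 0  # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag in ("br", "p", "div", "tr", "li"):
            self.chunks.append("\n")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def redact_message(raw):
    """Return the parsed message with URLs removed from all text parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        # get_content() undoes base64 / quoted-printable first. Matching on
        # the raw body would miss URLs split by soft line breaks or "=3D".
        text = part.get_content()
        if part.get_content_subtype() == "html":
            parser = _TextOnly()
            parser.feed(text)
            parser.close()
            text = "".join(parser.chunks)
        part.set_content(URL_RE.sub(PLACEHOLDER, text))  # now text/plain
    return msg


def bodies(msg):
    """Decoded text of every text part, in order."""
    return [p.get_content() for p in msg.walk()
            if p.get_content_maintype() == "text"]


# Constructed sample: the plain part hides its URL behind quoted-printable
# encoding, the HTML part hides it behind link text.
SAMPLE = (
    b"From: billing@bank.example\n"
    b"To: user@corp.example\n"
    b"Subject: Account notice\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/alternative; boundary="b1"\n'
    b"\n"
    b"--b1\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"Verify your account at https://login.bank-exam=\n"
    b"ple.test/verify?id=3D42 today.\n"
    b"--b1\n"
    b"Content-Type: text/html; charset=utf-8\n"
    b"\n"
    b'<p>Please <a href="https://login.bank-example.test/verify">sign in</a>.</p>\n'
    b"--b1--\n"
)

if __name__ == "__main__":
    for body in bodies(redact_message(SAMPLE)):
        print(repr(body))
```

Headers such as Subject are left untouched by this sketch; a deployment would apply the same substitution to any header it displays.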
Limitations of technical responses
An article in Forbes
in August 2014 argues that the reason phishing problems persist even
after a decade of anti-phishing technologies being sold is that phishing
is "a technological medium to exploit human weaknesses" and that
technology cannot fully compensate for human weaknesses.
Legal responses
On January 26, 2004, the U.S. Federal Trade Commission filed the first lawsuit against a Californian teenager suspected of phishing by creating a webpage mimicking America Online and stealing credit card information.
Other countries have followed this lead by tracing and arresting
phishers. A phishing kingpin, Valdir Paulo de Almeida, was arrested in Brazil for leading one of the largest phishing crime rings, which in two years stole between US$18 million and US$37 million. UK authorities jailed two men in June 2005 for their role in a phishing scam, in a case connected to the U.S. Secret Service Operation Firewall, which targeted notorious "carder" websites. In 2006, Japanese police arrested eight people for creating fake Yahoo Japan websites, netting themselves ¥100 million (US$870,000) and the FBI detained a gang of sixteen in the U.S. and Europe in Operation Cardkeeper.
Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 to Congress in the United States on March 1, 2005. This bill
aimed to impose fines of up to $250,000 and prison sentences of up to
five years on criminals who used fake websites and emails to defraud
consumers. In the UK, the Fraud Act 2006
introduced a general offense of fraud punishable by up to ten years in
prison and prohibited the development or possession of phishing kits
with the intention of committing fraud.
Companies have also joined the effort to crack down on phishing. On March 31, 2005, Microsoft filed 117 federal lawsuits in the U.S. District Court for the Western District of Washington. The lawsuits accuse "John Doe" defendants of obtaining passwords and confidential information. March 2005 also saw a partnership between Microsoft and the Australian government teaching law enforcement officials how to combat various cyber crimes, including phishing. Microsoft announced a planned further 100 lawsuits outside the U.S. in March 2006, followed by the commencement, as of November 2006, of 129 lawsuits mixing criminal and civil actions. AOL reinforced its efforts against phishing in early 2006 with three lawsuits seeking a total of US$18 million under the 2005 amendments to the Virginia Computer Crimes Act, and Earthlink has joined in by helping to identify six men subsequently charged with phishing fraud in Connecticut.
In January 2007, Jeffrey Brett Goodin of California became the first defendant convicted by a jury under the provisions of the CAN-SPAM Act of 2003.
He was found guilty of sending thousands of emails to AOL users, while
posing as the company's billing department, which prompted customers to
submit personal and credit card information. Facing a possible 101 years
in prison for the CAN-SPAM violation and ten other counts including wire fraud,
the unauthorized use of credit cards, and the misuse of AOL's
trademark, he was sentenced to serve 70 months. Goodin had been in
custody since failing to appear for an earlier court hearing and began
serving his prison term immediately.
A telephone is a telecommunications device that permits two or more users to conduct a conversation when they are too far apart to be easily heard directly. A telephone converts sound, typically and most efficiently the human voice, into electronic signals that are transmitted via cables
and other communication channels to another telephone which reproduces
the sound to the receiving user. The term is derived from Greek: τῆλε (tēle, far) and φωνή (phōnē, voice), together meaning distant voice. A common short form of the term is phone, which came into use early in the telephone's history.
In 1876, Alexander Graham Bell was the first to be granted a United States patent for a device that produced clearly intelligible replication of the human voice at a second device. This instrument was further developed by many others, and became rapidly indispensable in business, government, and in households.
The essential elements of a telephone are a microphone (transmitter) to speak into and an earphone (receiver) which reproduces the voice at a distant location. The receiver and transmitter are usually built into a handset which is held up to the ear and mouth during conversation. The transmitter converts the sound waves to electrical signals
which are sent through the telecommunication system to the receiving
telephone, which converts the signals into audible sound in the receiver
or sometimes a loudspeaker. Telephones permit transmission in both directions simultaneously.
Most telephones also contain an alerting feature, such as a ringer
or a visual indicator, to announce an incoming telephone call.
Telephone calls are initiated most commonly with a keypad or dial,
affixed to the telephone, to enter a telephone number,
which is the address of the call recipient's telephone in the
telecommunication system, but other methods existed in the early history
of the telephone.
The first telephones were directly connected to each other from
one customer's office or residence to another customer's location. Being
impractical beyond just a few customers, these systems were quickly
replaced by manually operated centrally located switchboards. These exchanges were soon connected together, eventually forming an automated, worldwide public switched telephone network.
For greater mobility, various radio systems were developed for
transmission between mobile stations on ships and automobiles in the
mid-20th century. Hand-held mobile phones
were introduced for personal service starting in 1973. In later
decades, their analog cellular system evolved into digital networks with
greater capability and lower cost.
Convergence in communication services has provided a broad spectrum of capabilities in cell phones, including mobile computing, giving rise to the smartphone, the dominant type of telephone in the world today.
Before the development of the electric telephone, the term telephone
was applied to other inventions, and not all early researchers of the
electrical device used the term. Perhaps the earliest use of the word
for a communications system was the telephon created by Johann Sigismund Gottfried Huth in 1796. Huth proposed an alternative to the optical telegraph of Claude Chappe
in which the operators in the signaling towers would shout to each
other by means of what he called "speaking tubes", but would now be
called giant megaphones. A communication device for sailing vessels, called telephone, was invented by Captain John Taylor in 1844. This instrument used four air horns to communicate with vessels in foggy weather.
Johann Philipp Reis used the term in reference to his invention, commonly known as the Reis telephone, in c. 1860. His device appears to be the first device based on the conversion of sound into electrical impulses.
The term telephone was adopted into the vocabulary of many languages. It is derived from the Greek: τῆλε, tēle, "far" and φωνή, phōnē, "voice", together meaning "distant voice".
Credit for the invention of the electric telephone is frequently disputed. As with other influential inventions such as radio, television, the light bulb, and the computer, several inventors pioneered experimental work on voice transmission over a wire and improved on each other's ideas. New controversies over the issue still arise from time to time. Charles Bourseul, Antonio Meucci, Johann Philipp Reis, Alexander Graham Bell, and Elisha Gray, amongst others, have all been credited with the invention of the telephone.
Alexander Graham Bell was the first to be awarded a patent for the electric telephone by the United States Patent and Trademark Office (USPTO) in March 1876.
Before Bell's patent, the telephone transmitted sound in a way that was
similar to the telegraph. This method used vibrations and circuits to
send electrical pulses, but was missing key features. Bell found that
this method produced a sound through intermittent currents, but that,
for the telephone to work, a fluctuating current reproduced sounds the
best. The fluctuating currents became the basis for the working
telephone, creating Bell's patent. That first patent by Bell was the master patent of the telephone, from which other patents for electric telephone devices and features flowed.
In 1876, shortly after Bell's patent application, Hungarian engineer Tivadar Puskás proposed the telephone switch, which allowed for the formation of telephone exchanges, and eventually networks.
In the United Kingdom, the blower is used as a slang term for a telephone. The term came from navy slang for a speaking tube.
In the U.S., a somewhat dated slang term refers to the telephone as
"the horn", as in "I couldn't get him on the horn", or "I'll be off the
horn in a moment."
1844: Innocenzo Manzetti
first mooted the idea of a "speaking telegraph" or telephone. Use of
the "speaking telegraph" and "sound telegraph" monikers would eventually
be replaced by the newer, distinct name, "telephone".
26 August 1854: Charles Bourseul published an article in the magazine L'Illustration
(Paris): "Transmission électrique de la parole" (electric transmission
of speech), describing a "make-and-break" type telephone transmitter
later created by Johann Reis.
26 October 1861: Johann Philipp Reis (1834–1874) publicly demonstrated the Reis telephone before the Physical Society of Frankfurt.
Reis's telephone was not limited to musical sounds. Reis also used his
telephone to transmit the phrase "Das Pferd frisst keinen Gurkensalat"
("The horse does not eat cucumber salad").
22 August 1865: La Feuille d'Aoste reported "It is rumored
that English technicians to whom Manzetti illustrated his method for
transmitting spoken words on the telegraph wire intend to apply said
invention in England on several private telegraph lines". However, telephones would not be demonstrated there until 1876, with a set of telephones from Bell.
28 December 1871: Antonio Meucci files patent caveat No. 3335
in the U.S. Patent Office, titled "Sound Telegraph", describing
communication of voice between two people by wire. A patent caveat was
not an invention patent award, but only an unverified notice filed by an individual that he or she intends to file a patent application in the future.
1874: Meucci, after having renewed the caveat for two years, does not renew it again, and the caveat lapses.
6 April 1875: Bell's U.S. Patent 161,739 "Transmitters and Receivers
for Electric Telegraphs" is granted. This uses multiple vibrating steel
reeds in make-break circuits.
11 February 1876: Elisha Gray invents a liquid transmitter for use with the telephone but does not build one.
14 February 1876: Gray files a patent caveat for transmitting the human voice through a telegraphic circuit.
14 February 1876: Alexander Graham Bell
applies for the patent "Improvements in Telegraphy", for
electromagnetic telephones using what is now called amplitude modulation
(oscillating current and voltage) but which he referred to as
"undulating current".
19 February 1876: Gray is notified by the U.S. Patent Office of an
interference between his caveat and Bell's patent application. Gray
decides to abandon his caveat.
7 March 1876: Bell's U.S. patent 174,465 "Improvement in Telegraphy"
is granted, covering "the method of, and apparatus for, transmitting
vocal or other sounds telegraphically…by causing electrical undulations,
similar in form to the vibrations of the air accompanying the said
vocal or other sound."
10 March 1876: The first successful telephone transmission of clear
speech using a liquid transmitter when Bell spoke into his device, "Mr.
Watson, come here, I want to see you." and Watson heard each word
distinctly.
30 January 1877: Bell's U.S. patent 186,787 is granted for an
electromagnetic telephone using permanent magnets, iron diaphragms, and a
call bell.
27 April 1877: Thomas Edison
files a patent application for a carbon (graphite) transmitter. It was
published as No. 474,230 on 3 May 1892, after a 15-year delay because of
litigation. Edison was granted patent 222,390 for a carbon granules
transmitter in 1879.
Early commercial instruments
Early telephones were technically diverse. Some used a water microphone, some had a metal diaphragm that induced current in an electromagnet wound around a permanent magnet, and some were dynamic
– their diaphragm vibrated a coil of wire in the field of a permanent
magnet or the coil vibrated the diaphragm. The sound-powered dynamic
variants survived in small numbers through the 20th century in military
and maritime applications, where their ability to create their own
electrical power was crucial. Most, however, used the Edison/Berliner carbon transmitter, which was much louder than the other kinds, even though it required an induction coil which was an impedance matching
transformer to make it compatible with the impedance of the line. The
Edison patents kept the Bell monopoly viable into the 20th century, by
which time the network was more important than the instrument.
Early telephones were locally powered, either using a dynamic
transmitter or powering the transmitter from a local battery.
One of the jobs of outside plant
personnel was to visit each telephone periodically to inspect the
battery. During the 20th century, telephones powered from the telephone
exchange over the same wires that carried the voice signals became
common.
Early telephones used a single wire for the subscriber's line, with ground return used to complete the circuit (as used in telegraphs).
The earliest dynamic telephones also had only one port opening for
sound, with the user alternately listening and speaking (or rather,
shouting) into the same hole. Sometimes the instruments were operated in
pairs at each end, making conversation more convenient but also more
expensive.
At first, the benefits of a telephone exchange were not exploited. Instead, telephones were leased in pairs to a subscriber,
who had to arrange for a telegraph contractor to construct a line
between them, for example, between a home and a shop. Users who wanted
the ability to speak to several different locations would need to obtain
and set up three or four pairs of telephones. Western Union, already using telegraph exchanges, quickly extended the principle to its telephones in New York City and San Francisco, and Bell was not slow in appreciating the potential.
Signalling began in an appropriately primitive manner. The user alerted the other end, or the exchange operator, by whistling into the transmitter. Exchange operation soon resulted in telephones being equipped with a bell in a ringer box, first operated over a second wire, and later over the same wire, but with a condenser (capacitor) in series with the bell coil to allow the AC ringer signal through while still blocking DC (keeping the phone "on hook"). Telephones connected to the earliest Strowger switch automatic exchanges had seven wires, one for the knife switch, one for each telegraph key, one for the bell, one for the push-button and two for speaking. Large wall telephones in the early 20th century usually incorporated the bell, and separate bell boxes for desk phones dwindled away in the middle of the century.
Rural and other telephones that were not on a common battery exchange had a magneto
hand-cranked generator to produce a high voltage alternating signal to
ring the bells of other telephones on the line and to alert the
operator. Some local farming communities that were not connected to the
main networks set up barbed wire telephone lines that exploited the existing system of field fences to transmit the signal.
In the 1890s a new smaller style of telephone was introduced,
packaged in three parts. The transmitter stood on a stand, known as a "candlestick"
for its shape. When not in use, the receiver hung on a hook with a
switch in it, known as a "switchhook". Previous telephones required the
user to operate a separate switch to connect either the voice or the
bell. With the new kind, the user was less likely to leave the phone
"off the hook". In phones connected to magneto exchanges, the bell,
induction coil, battery and magneto were in a separate bell box or "ringer box".
In phones connected to common battery exchanges, the ringer box was
installed under a desk, or other out-of-the-way place, since it did not
need a battery or magneto.
Cradle designs were also used at this time, having a handle with the receiver and transmitter attached, now called a handset,
separate from the cradle base that housed the magneto crank and other
parts. They were larger than the "candlestick" and more popular.
Disadvantages of single-wire operation such as crosstalk and hum from nearby AC power wires had already led to the use of twisted pairs and, for long-distance telephones, four-wire circuits. Users at the beginning of the 20th century did not place long-distance calls from their own telephones but made an appointment and were connected with the assistance of a telephone operator.
What turned out to be the most popular and longest-lasting
physical style of telephone was introduced in the early 20th century,
including Bell's 202-type
desk set. A carbon granule transmitter and electromagnetic receiver
were united in a single molded plastic handle, which when not in use was
secured in a cradle in the base unit. The circuit diagram of the model
202 shows the direct connection of the transmitter to the line, while
the receiver was inductively coupled. In local battery configurations,
when the local loop was too long to provide sufficient current from the
exchange, the transmitter was powered by a local battery and inductively
coupled, while the receiver was included in the local loop.
The coupling transformer and the ringer were mounted in a separate
enclosure, called the subscriber set. The dial switch in the base
interrupted the line current by repeatedly but very briefly
disconnecting the line one to ten times for each digit, and the hook
switch (in the center of the circuit diagram) disconnected the line and
the transmitter battery while the handset was on the cradle.
In the 1930s, telephone sets were developed that combined the
bell and induction coil with the desk set, obviating a separate ringer
box. The rotary dial, which became commonplace in many areas in the
1930s, enabled customer-dialed
service, but some magneto systems remained even into the 1960s. After
World War II, the telephone networks saw rapid expansion and more
efficient telephone sets, such as the model 500 telephone
in the United States, were developed that permitted larger local
networks centered around central offices. A breakthrough new technology
was the introduction of Touch-Tone signaling using push-button telephones by American Telephone & Telegraph Company (AT&T) in 1963.
Ericsson DBH 1001 (ca. 1931), the first combined telephone made with a Bakelite housing and handset
The development of digital data communications methods made it
possible to digitize voice and transmit it as real-time data across computer networks and the Internet, giving rise to the field of Internet Protocol (IP) telephony, also known as voice over Internet Protocol (VoIP). VoIP has proven to be a disruptive technology that is rapidly replacing traditional telephone network infrastructure.
By January 2005, up to 10% of telephone subscribers in Japan and South Korea had switched to this digital telephone service. A January 2005 Newsweek article suggested that Internet telephony may be "the next big thing." The technology has spawned a new industry comprising many VoIP companies that offer services to consumers and businesses. The reported global VoIP market in October 2021 was $85.2 billion with a projection of $102.5 billion by 2026.
IP telephony uses high-bandwidth Internet connections and
specialized customer premises equipment to transmit telephone calls via
the Internet, or any modern private data network. The customer equipment
may be an analog telephone adapter (ATA) which translates the signals of a conventional analog telephone; an IP Phone, a dedicated standalone device; or a computer softphone application, utilizing the microphone and headset devices of a personal computer or smartphone.
While traditional analog telephones are typically powered from
the central office through the telephone line, digital telephones
require a local power supply.
Internet-based digital service also requires special provisions to
provide the service location to the emergency services when an emergency telephone number is called.
A cordless telephone or portable telephone consists of a base station unit and one or more portable cordless handsets.
The base station connects to a telephone line, or provides service by
voice over IP (VoIP). The handset communicates with the base station via
radio frequency
signals. A handset's operational range is limited, usually to within
the same building or within a short distance from the base station.
Base station
Base stations include a radio transceiver which enables full-duplex,
outgoing and incoming signals and speech with the handsets. The base
station often includes a microphone, audio amplifier, and a loudspeaker to enable hands-free speakerphone
conversations, without needing to use a handset. The base station may
also have a numeric keypad for dialing, and a display for caller ID. In addition, an answering machine function may be built in.
The cordless handset contains a rechargeable battery,
which the base station recharges when the handset rests in its cradle.
Multi-handset systems generally also have additional charging stands. A
cordless telephone typically requires a constant electricity supply to power the base station and charger units by means of a DC transformer which plugs into a wall AC power outlet.
A mobile phone or cellphone or hand phone is a handheld telephone which connects via radio transmissions to a cellular telephone network.
The cellular network consists of a network of ground based
transmitter/receiver stations with antennas – which are usually located
on towers or on buildings – and infrastructure connecting to land-based
telephone lines. Analog cellular networks first appeared in 1979, with the first digital cellular networks appearing in the early 1990s.
Mobile phones generally incorporate an LCD or OLED
display, with some types, such as smartphones, having touch screens.
Since the 1990s, mobile phones have gained other features which are not
directly related to their primary function as telephones. These include
text messaging, calendars, alarm clocks, personal schedulers, cameras,
music players, games and later, internet access and smartphone functionality. Nearly all mobile phones have the ability to send text messages to other users via the SMS (Short Message Service) protocol. The multimedia messaging service
(MMS) protocol enables users to send and receive multimedia content,
such as photos, audio files and video files. As their functionality has
increased over the years, many types of mobile phone, notably
smartphones, require an operating system to run. Popular mobile phone operating systems in the past have included Symbian, Palm OS, BlackBerry OS and mobile phone versions of Windows. As of 2022, the most used operating systems are Google's Android and Apple's iOS.
Before the era of smartphones, mobile phones were generally
manufactured by companies specializing in telecommunications equipment,
such as Nokia, Motorola, and Ericsson. Since the advent of smartphones, consumer electronics companies, such as Apple, Samsung, and Xiaomi, have become mobile phone manufacturers.
Mobile phone usage
In 2002, only 10% of the world's population used mobile phones and by 2005 that percentage had risen to 46%.
By the end of 2009, there were a total of nearly 6 billion mobile and
fixed-line telephone subscribers worldwide. This included 1.26 billion
fixed-line subscribers and 4.6 billion mobile subscribers.
As of 2022, most mobile phones are smartphones, being a combination
of a mobile phone and a personal computing device in the same unit. Most
smartphones are primarily operated using a graphical user interface and a touch screen. Many phones have a secondary voice user interface, such as Siri on Apple iPhones,
which can operate many of the device's functions, as well as enabling
users to use spoken commands to interact with the internet. Typically
alphanumeric text input is accomplished via an on-screen virtual
keyboard, although some smartphones have a small physical keyboard.
Smartphones offer the ability to access internet data through the
cellular network and via wi-fi, and usually allow direct connectivity to
other devices via Bluetooth or a wired interface, such as USB or Lightning connectors. Smartphones, being able to run apps,
have vastly expanded functionality compared to previous mobile phones.
Having internet access and built in cameras, smartphones have made video calling
readily accessible via IP connections. Smartphones also have access to
a large number of web services and web apps, giving them functionality
similar to traditional computers, although smartphones are often limited
by their relatively small screen size and the size of their keyboards.
Typically, smartphones feature such tools as cameras, media players,
web browsers, email clients, interactive maps, satellite navigation and a
variety of sensors, such as a compass, accelerometers and GPS receivers.
In addition to voice calls, smartphone users commonly communicate
using a wide variety of messaging formats, including SMS, MMS, email,
and various proprietary messaging services, such as iMessage and various social media platforms.
A satellite telephone, or satphone, is a type of mobile phone that connects to other phones or the telephone network by radio link through satellites orbiting the Earth instead of terrestrial cell sites, as cellphones
do. Therefore, they can work in most geographic locations on the
Earth's surface, as long as open sky and the line-of-sight between the
phone and the satellite are provided. Depending on the architecture of a
particular system, coverage may include the entire Earth or only
specific regions. Satellite phones provide similar functionality to
terrestrial mobile telephones; voice calling, text messaging, and low-bandwidth Internet
access are supported through most systems. The advantage of a satellite
phone is that it can be used in regions where local terrestrial
communication infrastructures, such as landline and cellular networks, are not available.
Satellite phones are popular on expeditions into remote
locations, hunting, fishing, maritime sector, humanitarian missions,
business trips, and mining in hard-to-reach areas, where there is no
reliable cellular service.
Satellite telephones rarely get disrupted by natural disasters on Earth
or human actions such as war, so they have proven to be dependable communication tools in emergency situations, when the local communications system can be compromised.