International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 03 Issue: 01 | Jan-2016
p-ISSN: 2395-0072
www.irjet.net
STUDY ON PHISHING ATTACKS AND ANTIPHISHING TOOLS Dr.Radha Damodaram Associate Professor, School of Computer Science,CMS College of Science & Commerce, Coimbatore, Tamili Nadu, India ---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - The Internet has a remarkable platform
usability evaluation, a number of usability issues may found. [13].
for common people communication. Persons with criminal mind have found a way of stealing personal information without actually meeting them and with the least risk of being caught. It is called Phishing. Phishing poses a huge threat to the e-commerce industry. Not only does it shatter the confidence of customers towards e-commerce, but also causes electronic service providers tremendous economic loss. Hence it is essential to know about phishing. This paper gives awareness about phishing attacks and anti-phishing tools.
2. STEPS IN PHISHING A person who engaged in malware activities is called a phisher. Phishing attacks today typically employ generalized “lures”, intimidating users and creating fear – a common example is “we need you to confirm your account details or we must shut your account down”. An approach which is believed to become more and more common is context aware attack: this is a more complex approach as it not only uses threat or enticement, but makes the victim think of the messages as expected, and therefore legitimate.
Key Words: Phishing, phishing steps, phishing types, Anti-phishing tools. 1. INTRODUCTION
The method used by phishers is usually to make fraudulent websites, similar to the genuine website by mimicking the HTML code containing the same images, text and sections. Some phishing websites register a similar domain name to the legitimate website of a company or a bank. The most common method used by phishers is by forms, for example, the Internet Banking login page or a form for password verification. Many phishing attempts use domain spoofing or homographic attacks (Gabrilovich & Gontmakher) as a step towards persuading victims to give out personal information.
Phishing is an act of attempting a victim for fraudulently acquires sensitive information by impersonating a trustworthy third party, which could be a person or a reputed business in an electronic communication. The objective of phishing attack is to trick recievers into divulging sensitive information such as bank account numbers, passwords and credit card details. For instance, a phisher may misrepresenting himself as a large banking corporation or popular on-line auction site will have a reasonable yield, despite knowing little to nothing about the recipient [12].
A phisher could target many kinds of confidential information, including user names and passwords, credit card numbers, bank account numbers, and other personal information. In a study by Gartner (Gartner Inc, 2004), about 19% of all those surveyed reported having clicked on a link in a phishing email, and 3% admitted to giving up financial or personal information [11].
Both academia and industrial practitioners have proposed various anti-phishing measures in order to safeguard the interests of customers, and online security policies. Some commercial anti-spam and anti-phishing products prohibit email from "blacklisted" sites that they claim send spam and phishing email, while allowing email claiming to be from "whitelisted" sites they claim are known not to send it. This approach tends to unfairly discriminate against smaller and less-known sites, and would seem to be anticompetitive. . Due to the obvious usability problems of security toolbars, it can affect the performance of these toolbars ultimately.
A common phishing attack is (for a phisher) to obtain a victim's authentication information corresponding to one website (that is corrupted by the attacker) and then use this at another site. This is a meaningful attack given that many computer users reuse passwords – whether in verbatim or with only slight modifications. The phishing attack lifecycle can be decomposed in :
The usability evaluation is indispensable for the future. Now a days five typical anti-phishing toolbars are in use as built-in phishing prevention in the Internet Explorer 7.0, Google toolbar, Netcraft Anti-phishing toolbar and SpoofGuard. In addition, internet Explorer plug-in, Antiphishing IEPlug. Indeed, according to the heuristic © 2016, IRJET |
Impact Factor value: 4.45
|
Planning, Setup, Attack, Collection,
ISO 9001:2008 Certified Journal
|
Page 700