M. Nazreen Banu et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol.

4 (6) , 2013, 783-786

A Comprehensive Study of Phishing Attacks

Dr. M. Nazreen Banu S. Munawara Banu

Professor, Department of MCA Assistant Professor, Department of IT

M.A.M College of Engineering Jamal Mohamed College(Autonomous)
Tiruchirappalli Tiruchirappalli

Abstract- Now a days one of the highly used techniques to attacks. The paper is organized as follows. The section II will
pursue online stealing of data and to do fraudulent transactions have an outline of the types of phishing. The section III deals
is phishing. Phishing is a form of online identity theft that aims with the theoretical aspects of the phishing techniques. The
to steal sensitive information such as online passwords and section IV describes the categories of anti-phishing
credit card information. It is affecting all the major sectors of
industry day by day with a lot of misuse of user credentials. To
techniques. Finally conclusion given in section V.
stop phishing many detection and prevention techniques has
been made with their own advantages and disadvantages II. TYPES OF PHISHING
respectively, but phishing has not been eradicated completely Phishing has spread beyond e-mail to include VOIP, SMS,
yet. In this paper , we have studied phishing and its types in Instant messaging, social networking sites and even
detail and reviewed some of the phishing and anti phishing multiplayer games. Below are some major categories of
techniques. phishing.
A. Clone phishing
Keywords- Phishing, Anti-phishing, Malware, Web Clone phishing is a type of phishing attack where hacker
spoofing. tries to clone a web site that is victim usually visits. The
clone web site usually asks for login credentials, mimicking
I. INTRODUCTION the real websites. This will allow the attackers to save these
Phishing is a form of online identity theft that aims to steal credentials in a text file, database record on his own server,
sensitive information such as online passwords and credit then the attacker redirects his victim to the real websites as a
card information[1]. Phishing attacks use a combination of authenticated user[2]. Fig 2 depicts how the hackers clone the
social engineering and technology spoofing techniques to face book profiles.
persuade users into giving away sensitive information that the
attacker can used to make financial profit. Normally phishers
hijack a banks web pages and send emails to the victim in
order to trick the victim to visit the malicious site in order to
collect the victim bank account information and card number.
The information flow is depicted in Fig 1.

Fig 2: Clone phishing in Facebook profiles

B. Spear phishing
Spear phishing targets at specific group. So instead of
Fig 1: Information Flow in phishing casting out thousands of e-mails randomly spear phishers
target selected groups of people with something in
A complete phishing attack involves the roles of phisher. common[3]. For example, people from same organisation.
Firstly mailers send out large number of fraudulent e-mails Spear phishing is represented in Fig 3.
which directs uses to fraudulent websites. Secondly collector
set up fraudulent websites which actively prompt users to
provide confidential information. Finally cashers use the
confidential information to achieve a payout. Goal of this
paper is to present on extensive overview of the phishing

www.ijcsit.com 783
 M. Nazreen Banu et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (6) , 2013, 783-786

If we are typing the domain name www.barclays.co.uk in

the address bar, it is redirected to www.google.co.uk. It is
shown in the following Fig 6.

Fig 3: Spear phishing

Fig 6: Website redirection
C. Phone phishing
This type of phishing refers to messages that claim to be
E. Man-in-the-middle-attack
form a bank asking users to dial a phone number regarding
A man-in-the-middle attack often refers to an attack in
problems with that bank accounts. SMS phishing is a
which an attacker secretly intercepts the electronic messages
variation for phone phishing. The end-users receives sms
given between the sender and receiver and then capture,
telling him that he has successfully subscribed to a service[4].
insert and modify message during message transmission[7].
If he wants to unsubscribe the service he should visit the
A man-in-the-middle attack uses Trojan horses to intercept
website now the end users visit the websites and provide
personal information. It is shown in Fig 7.
sensitive information. Fig 4 represents how an attacker gets
the user details from the user by SMS.

Fig 4: Phone phishing Fig 7: Man-In-The-Middle Attack

D. DNS-Based Phishing (Pharming) III. THEORETICAL ASPECTS OF PHISHING TECHNIQUES

Pharming is an attack aiming to redirect a website traffic Various techniques are developed to conduct phishing
to another bogus site. Pharming interfere with the resolution attacks. The phishing techniques are described as follows.
of domain name to an IP address so that domain name of A. Email spoofing
genuine web site is mapped onto IP address of rogue Email spoofing is used to make fraudulent emails appear
website[6]. DNS based phishing is depicted in Fig 5. to be from legitimate senders so that recipients are more
likely to believe in the message and take actions according to
its instructions. Email spoofing is possible because Simple
Mail Transfer Protocol does not include an authentication
mechanism. To send spoofed emails sender inserts commands
in headers that will alter message information[5]. It is
possible to send a message that appears to be from anyone
anywhere saying whatever the sender wants it to say. Fig 8
shows the example for e-mail spoofing.

Fig 5: DNS Based phishing

www.ijcsit.com 784
 M. Nazreen Banu et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (6) , 2013, 783-786

the following situations occurs, the certificate is expired, the

certificate is not signed by root CA, the certificate is revoked
by CA otherwise the website host name does not match the
subject name in the certificate. Fig 11 shows the warning
message provided by web browsers. At this moment the
browser display a warning and the address bar would turn
red.

Fig 8: Email Spoofing

Fig 11: Certificate Verification

C. DNS Cache Poisoning

B. Web spoofing
DNS cache poisoning attempts to feed the cache of local
A Phisher could forge a website that looks identical to a
DNS resolves with incorrect records. DNS runs over UDP
legitimate website so that the victims may think this is the
and easy to spoof the source address of the UDP packet[9].
genuine site and enter the personal information which is
For example, attacker wants his IP address returned for a
collected by the phisher. Web spoofing creates a shadow
DNS query, when the resolver ask NS1.google.com for
copy of the World Wide Web[8]. The shadow copy is
www.google.com. The attacker could reply first, with its own
funnelled through attackers’ machine. Fig 9 shows how does
IP. Fig 12 shows the DNS poisoning attacks.
the attacker work.

Fig 9: Web spoofing

Fig 12: DNS Cache poisoning
Modern web browsers have built in security indicators
that can including domain name highlighting and HTTPS D. Malware
indicators as shown in Fig 10. They are often neglected by Malware is a software used to distrupt computer operation
careless users. Modern web browsers display a padlock icon gather sensitive information. It can appear in the form of
when visting an HTTPS web site of Hyper Text Transfer code, scripts, active content and other software. Malware
Protocol and HTTPS, Transport Layer Security, provides includes viruses, worms, trojan horses, key loggers, spyware,
encryption and identification through public key adware. Client security products are able to detect and
infrastructure. remove malware and other potentially unwanted programs.
But phishers can make malware undetectable[10]. Key
strokes, screen shots, clipboard contents and program
activities can be collected and send this information to
phishers by e-mail, ftp server or IRC channel. Malware
detection is represented in Fig 13.
Fig 10: Padlock icon in HTTPS
Web browsers examined the certificate presented by the
web browser. The certificate considered as invalid if any of

www.ijcsit.com 785
 M. Nazreen Banu et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (6) , 2013, 783-786

generates phishing alerts according to the type and number of

symptoms detected.
Domain Binding- It is an client’s browser based techniques
where sensitive information is bind to a particular domains. It
warns the user when he visits a domain to which user
credential is not bind.

V. CONCLUSION
Phishing attacks are still successful because of many
inexperienced and unsophisticated internet users. The last
years have brought a dramatic increase in the number and
sophistication of such attacks. This paper provides a broad
survey of various phishing types which are used by attackers
to steal the sensitive information. This study clearly shows
that phishing techniques enables the attackers to steal the
Fig 13: Malware Warning
information efficiently. Our future work is to compare
various types of anti-phishing techniques and choose the best
IV. ANTI-PHISHING TECHNIQUES
one for further research.
AntiPhish is based on the premise that for inexperienced,
technically unsophisticated users, it is better for an
REFERENCES
application to attempt to check the trustworthiness of a web [1] Antonio San Martino, Xavier Perramon, “Phishing Secrets: History,
site on behalf of the user. Unlike a user, an application will Effects, and Countermeasures”, International Journal of Network
not be fooled by obfuscation tricks such as a similar sounding Security, Vol.11, No.3, PP.163–171, Nov. 2010.
domain name[11]. AntiPhish is an application that is [2] Clone Phishing - Phishing from Wikipedia, the free encyclopedia,
http://en.wikipedia.org/wiki/Phishing
integrated into the web browser that is depicted in Fig 14. It [3] Bimal Parmar, Faronics, “Protecting against spear-phishing”,
keeps track of a user’s sensitive information and prevents this http://www.faronics.com/assets/CFS_2012-01_Jan.pdf
information from being passed to a web site that is not [4] Phone spoofing From Wikipedia, the free encyclopedia
onsidered “trusted”. http://en.wikipedia.org/wiki/Phishing#Phone_phishing
[5] Email spoofing From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Email_spoofing
[6] John, “ DNS-Based Phishing Attack in Public Hotspots”
[7] Mattias Eriksson, “An Example of a Man-in-the-middle Attack Against
Server Authenticated SSL-sessions”
[8] Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach,
“Web Spoofing: An Internet Con Game”
[9] Joe Stewart, “DNS Cache Poisoning – The Next Generation”
[10] Malware from Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Malware
[11]Engin kirda, Christopher Kruegel, “Protecting users against Phishing
attacks”, The Computer Journal Vol. 00, No. 0, 2005
[12] Gaurav, Madhuresh Mishra, Anurag Jain, “ Anti-Phishing Techniques:
A Review”, International Journal of Engineering Research and
Applications ISSN: 2248-9622, Vol. 2, Issue 2,Mar-Apr 2012, pp.350-
Fig 14: Anti-phishing integration in Browser 355

In general anti-phishing techniques can be classified into

following four categories[12].
Content Filtering- In this methodology ontent/email are
filtered as it enters in the victim’s mail box using machine
learning methods, such as Bayesian dditive Regression Trees
or Support Vector Machines.
Black Listing- Blacklist is collection of known phishing Web
sites/addresses published by trusted entities like google’s and
Microsoft’s black list. It requires both a client & a server
component. The client component is implemented as either
an email or browser plug-in that interacts with a server
component, which in this case is a public Web site that
provides a list of known phishing sites.
Symptom-Based Prevention- Symptom-based prevention
analyses the content of each Web page the user visits and

www.ijcsit.com 786