A Comprehensive Study of Phishing Attacks
Abstract- Nowadays one of the most widely used techniques for stealing data online and carrying out fraudulent transactions is phishing. Phishing is a form of online identity theft that aims to steal sensitive information such as online passwords and credit card information. It is affecting all the major sectors of industry day by day, with a lot of misuse of user credentials. To stop phishing, many detection and prevention techniques have been developed, each with its own advantages and disadvantages, but phishing has not been eradicated completely yet. In this paper, we have studied phishing and its types in detail and reviewed some of the phishing and anti-phishing techniques.

Keywords- Phishing, Anti-phishing, Malware, Web spoofing.

I. INTRODUCTION
Phishing is a form of online identity theft that aims to steal sensitive information such as online passwords and credit card information[1]. Phishing attacks use a combination of social engineering and technology spoofing techniques to persuade users into giving away sensitive information that the attacker can use to make financial profit. Normally phishers hijack a bank's web pages and send emails to the victim in order to trick the victim into visiting the malicious site, so as to collect the victim's bank account information and card number. The information flow is depicted in Fig 1.

Fig 1: Information Flow in phishing

A complete phishing attack involves the following phisher roles. Firstly, mailers send out a large number of fraudulent e-mails which direct users to fraudulent websites. Secondly, collectors set up fraudulent websites which actively prompt users to provide confidential information. Finally, cashers use the confidential information to achieve a payout. The goal of this paper is to present an extensive overview of phishing attacks. The paper is organized as follows. Section II gives an outline of the types of phishing. Section III deals with the theoretical aspects of the phishing techniques. Section IV describes the categories of anti-phishing techniques. Finally, the conclusion is given in Section V.

II. TYPES OF PHISHING
Phishing has spread beyond e-mail to include VOIP, SMS, instant messaging, social networking sites and even multiplayer games. Below are some major categories of phishing.

A. Clone phishing
Clone phishing is a type of phishing attack where the hacker tries to clone a web site that the victim usually visits. The cloned web site usually asks for login credentials, mimicking the real web site. This allows the attacker to save these credentials in a text file or database record on his own server; the attacker then redirects the victim to the real web site as an authenticated user[2]. Fig 2 depicts how hackers clone Facebook profiles.

B. Spear phishing
Spear phishing targets a specific group. So instead of casting out thousands of e-mails randomly, spear phishers target selected groups of people with something in common[3], for example people from the same organisation. Spear phishing is represented in Fig 3.
M. Nazreen Banu et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (6) , 2013, 783-786
Fig 13: Malware Warning

IV. ANTI-PHISHING TECHNIQUES
AntiPhish is based on the premise that for inexperienced, technically unsophisticated users, it is better for an application to attempt to check the trustworthiness of a web site on behalf of the user. Unlike a user, an application will not be fooled by obfuscation tricks such as a similar sounding domain name[11]. AntiPhish is an application that is integrated into the web browser, as depicted in Fig 14. It keeps track of a user’s sensitive information and prevents this information from being passed to a web site that is not considered “trusted”.

Fig 14: Anti-phishing integration in Browser

V. CONCLUSION
Phishing attacks are still successful because of many inexperienced and unsophisticated internet users. The last years have brought a dramatic increase in the number and sophistication of such attacks. This paper provides a broad survey of various phishing types which are used by attackers to steal sensitive information. This study clearly shows that phishing techniques enable the attackers to steal the information efficiently. Our future work is to compare various types of anti-phishing techniques and choose the best one for further research.

REFERENCES
[1] Antonio San Martino, Xavier Perramon, “Phishing Secrets: History, Effects, and Countermeasures”, International Journal of Network Security, Vol. 11, No. 3, pp. 163–171, Nov. 2010.
[2] Clone Phishing - Phishing, from Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Phishing
[3] Bimal Parmar, Faronics, “Protecting against spear-phishing”, http://www.faronics.com/assets/CFS_2012-01_Jan.pdf
[4] Phone spoofing, from Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Phishing#Phone_phishing
[5] Email spoofing, from Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Email_spoofing
[6] John, “DNS-Based Phishing Attack in Public Hotspots”
[7] Mattias Eriksson, “An Example of a Man-in-the-middle Attack Against Server Authenticated SSL-sessions”
[8] Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach, “Web Spoofing: An Internet Con Game”
[9] Joe Stewart, “DNS Cache Poisoning – The Next Generation”
[10] Malware, from Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Malware
[11] Engin Kirda, Christopher Kruegel, “Protecting users against Phishing attacks”, The Computer Journal, Vol. 00, No. 0, 2005
[12] Gaurav, Madhuresh Mishra, Anurag Jain, “Anti-Phishing Techniques: A Review”, International Journal of Engineering Research and Applications, ISSN: 2248-9622, Vol. 2, Issue 2, Mar-Apr 2012, pp. 350-355
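The AntiPhish check described in Section IV (remember where each piece of sensitive information was entered and stop it from being passed to any other site) can be modelled as follows. This is an added example, not code from the paper or from the AntiPhish tool; the class and method names, the keyed-digest storage, the check at form-submission time and the sample hostnames are all assumptions.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit


class SensitiveValueGuard:
    """Binds each sensitive value to the hosts where the user entered it."""

    def __init__(self):
        self._key = os.urandom(32)  # only keyed digests are kept, never the values
        self._trusted = {}          # digest -> set of hosts trusted for that value

    def _digest(self, value):
        return hmac.new(self._key, value.encode("utf-8"), hashlib.sha256).digest()

    @staticmethod
    def _host(url):
        # Exact hostname comparison: a similar-looking name is a different host.
        host = urlsplit(url).hostname
        if not host:
            raise ValueError(f"no hostname in {url!r}")
        return host.rstrip(".")

    def remember(self, url, value):
        """Record that `value` is sensitive and belongs to the site at `url`."""
        self._trusted.setdefault(self._digest(value), set()).add(self._host(url))

    def check_submission(self, url, fields):
        """Return the names of fields holding a value bound to another host."""
        host = self._host(url)
        blocked = []
        for name, value in fields.items():
            trusted = self._trusted.get(self._digest(value))
            if trusted is not None and host not in trusted:
                blocked.append(name)
        return blocked


def demo():
    # Constructed sample data: hostnames and credentials are made up.
    guard = SensitiveValueGuard()
    guard.remember("https://bank.example/login", "S3cret-pass!")
    form = {"user": "alice", "pw": "S3cret-pass!"}
    same_site = guard.check_submission("https://bank.example/login", form)
    lookalike = guard.check_submission("https://bank-example.test/login", form)
    return same_site, lookalike

print(demo())
```

A non-empty result from `check_submission` is the point at which a browser integration would cancel the submission and warn the user.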