Biblio

Phishing activity is undertaken by the hackers to compromise the computer networks and financial system. A compromised computer system or network provides data and or processing resources to the world of cybercrime. Cybercrimes are projected to cost the world \$6 trillion by 2021, in this context phishing is expected to continue being a growing challenge. Statistics around phishing growth over the last decade support this theory as phishing numbers enjoy almost an exponential growth over the period. Recent reports on the complexity of the phishing show that the fight against phishing URL as a means of building more resilient cyberspace is an evolving challenge. Compounding the problem is the lack of cyber security expertise to handle the expected rise in incidents. Previous research have proposed different methods including neural network, data mining technique, heuristic-based phishing detection technique, machine learning to detect phishing websites. However, recently phishers have started to use more sophisticated techniques to attack the internet users such as VoIP phishing, spear phishing etc. For these modern methods, the traditional ways of phishing detection provide low accuracy. Hence, the requirement arises for the application and development of modern tools and techniques to use as a countermeasure against such phishing attacks. Keeping in view the nature of recent phishing attacks, it is imperative to develop a state-of-the art anti-phishing tool which should be able to predict the phishing attacks before the occurrence of actual phishing incidents. We have designed such a tool that will work efficiently to detect the phishing websites so that a user can understand easily the risk of using of his personal and financial data.

The main objective of this research is to increase security awareness against phishing attacks in the education sector by teaching users about phishing URLs. The educational media was made based on references from several previous studies that were used as basic references. Development of antiphishing game framework educational media using the extended DPE framework. Participants in this study were vocational and college students in the technology field. The respondents included vocational and college students, each with as many as 30 respondents. To assess the level of awareness and understanding of phishing, especially phishing URLs, participants will be given a pre-test before playing the game, and after completing the game, the application will be given a posttest. A paired t-test was used to answer the research hypothesis. The results of data analysis show differences in the results of increasing identification of URL phishing by respondents before and after using educational media of the anti-phishing game framework in increasing security awareness against URL phishing attacks. More serious game development can be carried out in the future to increase user awareness, particularly in phishing or other security issues, and can be implemented for general users who do not have a background in technology.

Internet is the most widely used technology in the current era of information technology and it is embedded in daily life activities. Due to its extensive use in everyday life, it has many applications such as social media (Face book, WhatsApp, messenger etc.,) and other online applications such as online businesses, e-counseling, advertisement on websites, e-banking, e-hunting websites, e-doctor appointment and e-doctor opinion. The above mentioned applications of internet technology makes things very easy and accessible for human being in limited time, however, this technology is vulnerable to various security threats. A vital and severe threat associated with this technology or a particular application is “Phishing attack” which is used by attacker to usurp the network security. Phishing attacks includes fake E-mails, fake websites, fake applications which are used to steal their credentials or usurp their security. In this paper, a detailed overview of various phishing attacks, specifically their background knowledge, and solutions proposed in literature to address these issues using various techniques such as anti-phishing, honey pots and firewalls etc. Moreover, installation of intrusion detection systems (IDS) and intrusion detection and prevention system (IPS) in the networks to allow the authentic traffic in an operational network. In this work, we have conducted end use awareness campaign to educate and train the employs in order to minimize the occurrence probability of these attacks. The result analysis observed for this survey was quite excellent by means of its effectiveness to address the aforementioned issues.

Phishing is a security attack to acquire personal information like passwords, credit card details or other account details of a user by means of websites or emails. Phishing websites look similar to the legitimate ones which make it difficult for a layman to differentiate between them. As per the reports of Anti Phishing Working Group (APWG) published in December 2018, phishing against banking services and payment processor was high. Almost all the phishy URLs use HTTPS and use redirects to avoid getting detected. This paper presents a focused literature survey of methods available to detect phishing websites. A comparative study of the in-use anti-phishing tools was accomplished and their limitations were acknowledged. We analyzed the URL-based features used in the past to improve their definitions as per the current scenario which is our major contribution. Also, a step wise procedure of designing an anti-phishing model is discussed to construct an efficient framework which adds to our contribution. Observations made out of this study are stated along with recommendations on existing systems.

In this paper, we propose a technique to detect phishing attacks based on behavior of human when exposed to fake website. Some online users submit fake credentials to the login page before submitting their actual credentials. He/She observes the login status of the resulting page to check whether the website is fake or legitimate. We automate the same behavior with our application (FeedPhish) which feeds fake values into login page. If the web page logs in successfully, it is classified as phishing otherwise it undergoes further heuristic filtering. If the suspicious site passes through all heuristic filters then the website is classified as a legitimate site. As per the experimentation results, our application has achieved a true positive rate of 97.61%, true negative rate of 94.37% and overall accuracy of 96.38%. Our application neither demands third party services nor prior knowledge like web history, whitelist or blacklist of URLS. It is able to detect not only zero-day phishing attacks but also detects phishing sites which are hosted on compromised domains.

Phishing is one of the major issues in cyber security. In phishing, attackers steal sensitive information from users by impersonation of legitimate websites. This information captured by phisher is used for variety of scenarios such as buying goods using online transaction illegally or sometime may sell the collected user data to illegal sources. Till date, various detection techniques are proposed by different researchers but still phishing detection remains a challenging problem. While phishing remains to be a threat for all users, persons with visual impairments fall under the soft target category, as they primarily depend on the non-visual web access mode. The persons with visual impairments solely depends on the audio generated by the screen readers to identify and comprehend a web page. This weak-link shall be harnessed by attackers in creating impersonate sites that produces same audio output but are visually different. This paper proposes a model titled "MASPHID" (Model for Assisting Screenreader users to Phishing Detection) to assist persons with visual impairments in detecting phishing sites which are aurally similar but visually dissimilar. The proposed technique is designed in such a manner that phishing detection shall be carried out without burdening the users with technical details. This model works against zeroday phishing attack and evaluate high accuracy.

Phishing is one of the major issues in cyber security. In phishing, attackers steal sensitive information from users by impersonation of legitimate websites. This information captured by phisher is used for variety of scenarios such as buying goods using online transaction illegally or sometime may sell the collected user data to illegal sources. Till date, various detection techniques are proposed by different researchers but still phishing detection remains a challenging problem. While phishing remains to be a threat for all users, persons with visual impairments fall under the soft target category, as they primarily depend on the non-visual web access mode. The persons with visual impairments solely depends on the audio generated by the screen readers to identify and comprehend a web page. This weak-link shall be harnessed by attackers in creating impersonate sites that produces same audio output but are visually different. This paper proposes a model titled "MASPHID" (Model for Assisting Screenreader users to Phishing Detection) to assist persons with visual impairments in detecting phishing sites which are aurally similar but visually dissimilar. The proposed technique is designed in such a manner that phishing detection shall be carried out without burdening the users with technical details. This model works against zeroday phishing attack and evaluate high accuracy.