
  • Phishing

    Phishing, also called ‘brand spoofing’, has its origin in the words ‘fishing for passwords’ or ‘password harvesting’. It can be defined as a deceptive or fraudulent activity carried out in order to steal passwords, usernames and other personal information from the victim, for money or for some other gain. It is done mainly through fake emails and websites that the victim takes to be genuine. These mails or websites ask for personal details, and the victim enters them believing the request to be legitimate. Once the victim enters the details, they are stored in the phisher’s database. The phisher can then use these details to conduct illegal activities and gain something from the victim. Phishing has thus become a threat to information security and internet privacy.
    Nowadays many anti-phishing techniques exist to tackle the problems caused by phishing. No single technology can completely remove these problems, but with good knowledge of phishing together with the available anti-phishing techniques, one can keep away from phishing to a very large extent. Anti-phishing software monitors the mails and websites a person uses and gives an alert if it finds something malicious. Precaution is always better than cure, so by knowing more about phishing one can keep away from it.

    The simplified flow of information in a phishing attack is:

    1. A deceptive message is sent from the phishers to the user.
    2. A user provides confidential information to a phishing server (normally after some interaction with the server).
    3. The phishers obtain the confidential information from the server.
    4. The confidential information is used to impersonate the user.
    5. The phishers obtain illicit monetary gain.


    Many phishing techniques are available today. Here ten techniques are explained.

    2.1. Emails or spam

    Phishers send the same mail to many people, asking them to fill in their personal details. These mails look very genuine and carry an urgent note. This leads a person to reply with the requested details without noticing the fraud hidden behind it. Sometimes the recipient is asked to fill out a form to access a new service through a link provided in the email.

    2.2. Web Based Delivery

    The most sophisticated phishing technique, also called ‘man in the middle’, is one in which the phisher sits between a legitimate website and its user. While details pass between the legitimate website and the user, the phisher intercepts and gathers them without the user knowing about it.

    2.3. Instant Messaging

    This technique takes the user to a fake website through a link that looks like a legitimate one. The link comes to the user through mails. It is hard to tell that the site is fake unless one looks at the URL of the given link. On this site the user is asked to enter personal information.

    2.4. Trojan Host

    This is an invisible hacker who logs in to one’s user account through the local machine and passes that person’s personal information to the phisher.

    2.5. Link Manipulation

    Link manipulation is a technique in which a link to a website is sent to the user; if the user clicks on this fake link, the user is taken to the phisher’s website, which asks for personal information. One can identify a fake link by hovering the mouse over it. If the URL and the visible name of the link are different, the link is most probably a fake one.

    2.6. Key Loggers

    Key loggers are malware that capture input from the keyboard and send it to the hacker, who can decipher passwords and other personal information. The hacker can then give this to the phisher. This can be avoided by entering data through a virtual keyboard with mouse clicks.

    2.7. Content Injection

    In this technique the content of a reliable website is changed or altered. This can lead the user to the phisher’s fake website, where the user is asked for personal information.

    2.8. Phishing through Search Engines

    Someone using a search engine tries to find websites to buy something online or to obtain some other service. The search returns many sites, but the results may also include phishers’ websites with attractive offers. This is because the fake website must have been hosted lawfully. When the user tries to buy the product by entering credit card details, they are collected by the phishing site. There are many fake bank websites offering credit cards or loans to users at a low rate, but they are actually phishing sites.

    2.9. Malware Phishing

    Phishing scams involving malware require it to be run on the user’s computer. The malware is usually attached to the email sent to the user by the phishers. Once the user clicks on the link, the malware starts functioning. Sometimes the malware may also be attached to downloadable files. Phishers take advantage of vulnerabilities in web security services to gain sensitive information, which is used for fraudulent purposes. This is why it’s always a good idea to learn about the various phishing techniques.



    We can tell that an email sent in the name of PayPal is fake from the following things:
    • Spelling mistakes.
    • IP address in the link.
    • Lack of personal greetings. A real mail from PayPal greets one by name only.
    • Grammatical mistakes, etc.
    Fake emails sent in the name of PayPal look very realistic. They may even carry a warning not to enter personal details because of the risk of phishing, and lead you to a website that gives more instructions for keeping away from phishing. At the end of these instructions the user is asked to verify their account. Once the user clicks the link, a fake PayPal website created by the phisher appears, and there the user is asked to enter sensitive information.


    Phisher sends a link to a website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link.


    Make one believe it is from a legitimate website and the phisher will get the personal information.


    Once enough personal information is obtained, the phisher starts identity theft. The main feature of this identity theft is repeated victimization of a single person, because it takes a long time for the victim to detect that something is wrong. Here are some of the uses of stolen personal information, which are the real reason for a phisher to perform phishing.

    4.1. SOME OF THE USES:

    4.1.1. Taking over existing accounts

    Once the phisher has enough personal details, he can contact the organization with which the victim has an account, masquerading as the victim. The phisher can then take control of this account by changing the mail address or other credentials used to access it.

    4.1.2. Ordering goods online using a drop-site

    The phisher can shop online with the personal details obtained by phishing. The phisher can then have another person take delivery of the product from the merchant at a drop-site; that person repackages the products and sends them to the phisher. The peculiarity of this theft is that the person assigned by the phisher can escape from a case related to it by giving genuine reasons.

    4.1.3. Hijacking email accounts

    Service account hijacking, a form of computer fraud, involves taking over the victim’s email address, domain name, chat account or other computer based identifiers, and sending messages to others in the name of the victim. Usually this type of identity theft is related more to defamation than to fraud for economic gain, although it can be used for the latter. Another common purpose for hijacking internet accounts is to send spam.


    Three distinct impacts of phishing are given below:

    • Direct Financial Loss: Depending on the type of fraud that a criminal commits with the aid of stolen identifying data, consumers and businesses may lose money. Indeed, small e-commerce businesses may be particularly hard-hit by identity fraud. For example, because of credit card association policies, an online merchant who accepts a credit card number that later proves to have been acquired by identity theft may be liable for the full amount of the fraudulent transactions involving that card number.
    • Erosion of Public Trust in the Internet: Phishing also undermines the public’s trust in the Internet. By making consumers uncertain about the integrity of commercial and financial websites, and even the Internet’s addressing system, phishing can make them less likely to use the Internet for business transactions. People who cannot trust where they are on the World Wide Web are less likely to use it for legitimate commerce and communications. This perspective finds support in a 2005 Consumer Reports survey, which showed declining confidence in the security of the Internet. Among several findings, the survey found that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft, and of those, 30 percent say that they reduced their overall usage. Furthermore, 25 percent say they have stopped shopping online, while 29 percent of those that still shop online say they have decreased the frequency of their purchases.
    • Difficulties in Law Enforcement Investigations: Unlike certain other types of identity theft that law enforcement agencies can successfully investigate in a single geographic area (e.g., theft of wallets, purses, or mail), phishing – like other types of crime that exploit the Internet -- can be conducted from any location where phishers can obtain Internet access. This can include situations in which a phisher in one country takes control of a computer in another country, then uses that computer to host his phishing website or send his phishing e-mails to residents of still other countries. Moreover, online criminal activity in recent years has often reflected clear cut divisions of labor. For example, in an online fraud scheme, the tasks of writing code, locating hosts for phishing sites, spamming, and other components of a full-scale phishing operation may be divided among people in various locations. This means that in some phishing investigations, timely cooperation between law enforcement agencies in multiple countries may be necessary for tracing, identification, and apprehension of the criminals behind the scheme.


    Anti-phishing refers to the methods employed to detect and prevent phishing attacks. Anti-phishing protects users from phishing. A lot of work has been done on anti-phishing, devising various anti-phishing techniques. Some techniques work on emails, some on attributes of web sites and some on the URLs of the websites. Many of these techniques focus on enabling clients to recognize and filter various types of phishing attacks. In general, anti-phishing techniques can be classified into the following four categories.
    • Content Filtering: In this methodology content/email is filtered as it enters the victim’s mail box using machine learning methods, such as Bayesian Additive Regression Trees (BART).
    • Black Listing: A blacklist is a collection of known phishing Web sites/addresses published by trusted entities, like Google’s and Microsoft’s blacklists. It requires both a client and a server component. The client component is implemented as either an email or browser plug-in that interacts with a server component, which in this case is a public Web site that provides a list of known phishing sites.
    • Symptom-Based Prevention: Symptom-based prevention analyses the content of each Web page the user visits and generates phishing alerts according to the type and number of symptoms detected.
    • Domain Binding: This is a client browser based technique in which sensitive information (e.g. name, password) is bound to a particular domain. It warns the user when he visits a domain to which the user credential is not bound.

    6.1.1. Attribute based anti-phishing techniques

    An attribute-based anti-phishing strategy implements both reactive and proactive anti-phishing defenses. This technique has been implemented in the PhishBouncer tool. The Image Attribution check compares the images of the visited site with those of the sites already registered with PhishBouncer. The HTML Crosslink check looks at responses from non-registered sites and counts the number of links the page has to any of the registered sites. A high number of cross-links is indicative of a phishing site. In the False Info Feeder check, false information is entered, and if the site accepts that information, the link is probably a phished one.
    • Advantage: As attribute based anti-phishing applies many checks, it is able to detect more phished sites than other approaches. It can detect known as well as unknown attacks.
    • Disadvantage: As multiple checks are performed to authenticate a site, this could result in slow response time.

    6.1.2. Genetic Algorithm Based Anti Phishing Techniques

    This is an approach to detecting phishing web pages using a genetic algorithm. Genetic algorithms can be used to evolve simple rules for preventing phishing attacks. These rules are used to differentiate a normal website from an anomalous website. Anomalous websites refer to events with a probability of phishing attacks. The rules stored in the rule base are usually in the following form:
    if { condition } then { act }
    For example, a rule can be defined as:
    If {The IP address of the URL in the received e-mail finds any match in the Rule set}
    Then {Phishing e-mail}
    This rule can be explained as: if there exists an IP address of the URL in the e-mail and it does not match the defined Rule Set for White List, then the received mail is a phishing mail.
    • Advantage: It provides malicious status notification before the user reads the mail. It also provides malicious web link detection in addition to phishing detection.
    • Disadvantage: A single rule for phishing detection, as in the case of the URL, is far from enough, so multiple rule sets are needed for only one type of URL based phishing detection. Likewise, other rules must be written for other parameters, which leads to a more complex algorithm.

    6.1.3. An Identity Based Anti Phishing Techniques

    This technique follows a mutual authentication methodology in which both the user and the online entity validate each other’s identity during the handshake. It is an anti-phishing technique that integrates partial credential sharing and client filtering to prevent phishers from easily masquerading as legitimate online entities. As mutual authentication is followed, there is no need for users to re-enter their credentials. Passwords are therefore never exchanged between users and online entities except during the initial account setup process.
    • Advantage: It provides mutual authentication for the server as well as the client side. Using this technique the user does not need to reveal his credential password during the whole session, except the first time, when the session is initialized.
    • Disadvantage: In identity based anti-phishing, if a hacker gains access to the client computer and disables the browser plug-in, the method's phishing detection is compromised.

    6.1.4. Character Based Anti Phishing Approach

    Many times phishers try to steal users' information by convincing them to click on a hyperlink embedded in a phishing email. A hyperlink has the following structure: <a href="URI"> Anchor text </a>, where 'URI' (universal resource identifier) provides the actual link to which the user will be directed and 'Anchor text' is the text that is displayed in the user's Web browser and represents the visual link.

    The character based anti-phishing technique uses the characteristics of a hyperlink to detect phishing links. LinkGuard is a tool that implements this technique. After analyzing many phishing websites, the hyperlinks can be classified into various categories. To detect phishing sites, LinkGuard first extracts the DNS names from the actual and the visual links and then compares the actual and visual DNS names; if these names are not the same, it is phishing of category 1. If a dotted decimal IP address is used directly in the actual DNS, it is a possible phishing attack of category 2. If the actual link or the visual link is encoded (categories 3 and 4), the link is first decoded and then analyzed. When there is no destination information (DNS name or dotted IP address) in the visual link, the hyperlink is analyzed. During analysis the DNS name is searched for in the blacklist and the whitelist. If it is present in the whitelist, it is sure that the link is genuine, and if it is present in the blacklist, it is sure that the link is a phished one.

    If the actual DNS is contained in neither the whitelist nor the blacklist, pattern matching is done. During pattern matching the sender's email address is first extracted and then searched for in the seed set, a maintained list of addresses that the user has visited manually. Similarity checks the maximum likelihood of the actual DNS and the DNS names in the seed set. The similarity index between two strings is determined by calculating the minimal number of changes needed to transform one string into the other.

    6.1.5. Content Based Anti-Phishing Approach

    The GoldPhish tool implements this technique and uses Google as its search engine. This mechanism gives a higher rank to well-established web sites. It has been observed that phishing web pages are active only for a short period of time and therefore acquire a low rank in an internet search; this is the basis of the content based anti-phishing approach. The design can be broken down into three major steps. The first step is to capture an image of the current website in the user’s web browser. The second step is to use optical character recognition techniques to convert the captured image into computer readable text. The third step is to input the converted text into a search engine to retrieve results and analyze the page rank.
    • Advantages: Generally GoldPhish does not result in false positives and provides zero day phishing detection.
    • Disadvantages: GoldPhish delays the rendering of a webpage. It is also vulnerable to attacks on Google’s PageRank algorithm and Google’s search service.
    So it can be concluded that most anti-phishing techniques focus on the contents of the web page, the URL and the email. The character based anti-phishing approach may result in false positives, but the content based approach never results in false positives. The attribute based approach considers almost all major areas vulnerable to phishing, so it can be the best anti-phishing approach, able to detect known as well as unknown phishing attacks. The identity based anti-phishing approach may fail if the phisher gets physical access to the client’s computer.


    No single technology will completely stop phishing. However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it. Many organizations now provide a lot of online services to make things easier for their customers, and phishers take maximum advantage of this. So always be careful while dealing with personal or important details online. Prevention is always better than cure.
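
The link checks described in sections 2.5 and 6.1.4 (visual versus actual DNS name, dotted IP address, decoding, whitelist/blacklist, then edit-distance similarity against the seed set), as an added example that is not part of the original post and is not LinkGuard's own code. The lists, the sample HTML, the threshold of two edits and all function names are assumptions, and pattern matching is simplified to comparing the actual DNS name with the seed set.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed lists (assumptions); the seed set holds hosts the user visited manually.
WHITELIST = {"www.bank.example"}
BLACKLIST = {"login.phish.example"}
SEED_SET = ["www.bank.example"]
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}|" + IP_RE.pattern, re.I)
# Constructed sample mail body with three hyperlinks.
SAMPLE = ('<a href="http://login.example.net/verify">www.bank.example</a>'
          '<a href="http://%31%39%32.0.2.10/signin">Sign in</a>'
          '<a href="http://www.bannk.example/">Your account</a>')

class AnchorCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def edit_distance(a, b):  # minimal number of changes turning a into b
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(href, text):
    # Percent-decode both links first (categories 3 and 4), then extract DNS names.
    actual = (urlsplit(unquote(href)).hostname or "").lower()
    m = HOST_RE.search(unquote(text))
    visual = m.group(0).lower() if m else ""
    if visual and visual != actual:
        return "category 1: visual and actual DNS names differ"
    if IP_RE.fullmatch(actual):
        return "category 2: dotted decimal IP address in actual link"
    if actual in WHITELIST:
        return "genuine (whitelist)"
    if actual in BLACKLIST:
        return "phishing (blacklist)"
    near = [s for s in SEED_SET if 0 < edit_distance(actual, s) <= 2]  # assumed threshold
    return f"possible phishing: resembles {near[0]}" if near else "unknown"

def scan(html):
    collector = AnchorCollector()
    collector.feed(html)
    return [(href, classify(href, text)) for href, text in collector.links]
```

Calling `scan(SAMPLE)` returns one verdict per hyperlink; a visible name such as `bank.example` over an actual host `www.bank.example` is also reported as category 1, which is the false-positive behaviour the post attributes to the character based approach.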
