SlideShare a Scribd company logo

Phishing

Download as DOCX, PDF
Programmer
Programmer

phishing By : Dr.Ahmad Manasrah

Education
1 of 4
Phishing e-mail features 1. Non-matching between the target and text of URLs (Tardiflink) Phishers commonly use e-mails supported by HTML so that they can display links that appear to be from a legitimate Web site, such as paypal.com. However, the link is actually a URL that redirects the user to phishingsite.com. This feature depends on the verification of all URLs. The comparison is done between portions of text linked in the URL and parts of the HREF. If these items have different hosts, the probability of an e-mail being a phishing e-mail is increased. An example is <a HREF =”http://www.phishingsite.com">http://www.paypal.com </a>, which is a binary feature that takes a value of 1 if there is non-matching of URLs, and 0 otherwise. 2. Using IP address (ipaddress) A number of phishers depend on their PCs as hosts for a phishing Web site. However, these PCs sometimes do not have DNS entries. Therefore, the easiest way to hide the normal form of a URL is to use IP addresses. Legitimate companies rarely use an IP address as a link page. We take (http://218.56.77.130/paypal.com) as example. For this feature, if an e-mail message has a link similar to an IP address, the probability of the e-mail being a phishing e-mail is increased. This is a binary feature that takes a value of 1 if the e-mail contains a URL similar to an IP address, and 0 otherwise. 3. Difference between sender domains with the domain of embedded links (diffsenlindom) When the link embedded in the HTML does not equal the sender’s domain, it is most likely a phishing e-mail. For example, an e-mail may contain the following information: From: identdep_op720@southtrust.com, URL link: http://accounts.keybank.com. This is a binary feature. Therefore, if the domain name in the “from “field does not equal the domain name in the URL (embedded HTML), the value of this feature is 1, and 0 otherwise. 4. Number of links (nulinks) One of the features of a phishing e-mail is a number of links embedded in HTML parts. In the proposed model, links are distinguished based on tags <a> with HREF. This feature includes “mail to:” links. After analyzing the data set, this binary feature takes a value of 1 if there are more than three embedded links, and 0 otherwise.
5. Number of different domains (nudiffdomain) The main part of a domain name which starts with http:// or https:// is extracted for all URLs starting with http:// or https://. In the present work, the main part of a link is assumed to include the section after the first dot up to the first slash (“/”) if the link has a long domain name. For example, the “main” part of www.sg.echool.edu is sg.echool.edu, and the “main” part of www.jordan.com is jordan.com. After this process, the number of different domains is calculated. After analyzing 4,000 phishing and ham e-mails, many phishing e-mails were found to have more than three domains. Therefore, this feature takes a value of 1 if the number of different domains is more than three, and 0 otherwise. 6. Number of dots in a domain (nodot) Attackers utilize many methods to stage a phishing attack. One method depends on the inclusion of a sub-domain. We take http://www.may-bank. update.data.com as example. This link appears to be hosted by Maybank, but it is actually not. There are four dots in the domain. Generally, a legitimate company will have no more than three dots on its domain name. Therefore, this feature depends on determining the maximum number of dots. It takes a value of 1 if there are more than three dots in the domain, and 0 otherwise. 7. Click here (clickhere) Many phishers use words like “click here,” “click,” or “here” in the text portion of their links in order to hide a suspicious domain name. When users click on such words, they are redirected to a phishing Web site. We take <a HREF="http://61.119.228.47/.eBay/” >click here</A> as example. If an e-mail message has one of the three words mentioned above, it is flagged as a phishing e-mail. This binary feature takes a value of 1, and 0 otherwise. 8. Pictures used as links (NoPicLinks) Some attackers use an image as a link to hide fraudulent URLs. We take <img src="http://www.paypalobjects.com/en_US " </a> as example. The maximum number of images used as a link is calculated based on the tag “<img src=URL</a>” embedded in the HTML. After analysis, this binary feature takes a value of 1 if there are more than two pictures used as links, and 0 otherwise. 9. HTML e-mail (html e-mail) At present, creating a phishing e-mail is difficult without using an HTML code because an HTML code enables an embedded link to connect directly to other Web sites. The presence of an HTML code in an e-mail can be determined using MIME types. If the MIME type is either text/html or a multipart/alternative, an HTML code is embedded in the message. This is a binary feature takes a value of 1 if no HTML code is embedded, and 0 otherwise.
10. Use of JavaScript (jascript) One of the primary methods used by an attacker to build a phishing e-mail is the use of java script because with this simple language, the phisher can program pop-up windows. The phisher can then change the status bar of a Web browser, enabling him/her to build a complex attack using an embedded script code inside a link. An e-mail message can be determined to have a java script by the tag “JavaScript” or <script>. This binary feature takes a value of 1 if the message has a java script code, and 0 otherwise. 11. Non-standard port in the URL (nonstport) A server accesses Web pages using ports, and a few phishers use non-standard ports to hide their identity and location. Web pages use port 80 as default, and some normal ports such as 443 are used by legitimate companies. The port number in a URL link comes after a colon. For example, in http://www.paybankonline.com:ac@50.28.170.70:8030/, :8030 represents the port number. This is a binary feature that takes a value of 1 if the e-mail message uses a port other than 80 or 443, and 0 otherwise. 12. URL containing hexadecimal characters or @ symbol (hexorat) Some attackers use hexadecimal character codes to hide embedded URLs. Attackers can write an IP address using the “%” symbol to build a hexadecimal number. Sometimes, they use the “@” symbol to confuse users. This binary feature takes a value of 1 if the message URL contains either the “%”or @ symbol, and 0 otherwise. 13. Message size (messize) Message size refers to the size of an e-mail in bytes. Most phishing e-mails have a size of less than 25 kb. However, based on a semantic report [19], more than 90% of phishing e-mails have a size of less than 20 kb. Therefore, this binary feature takes a value of 1 if the message size is less than 25 kb, and 0 otherwise. 14. Faking a secure connection (facksecon) One of the most fraudulent applications used by phishers utilizes URLs that begin with “https://” (instead of using “http://”) to trick users into believing that the link is a legitimate URL supported by a Secure Sockets Layer certificate. We take https://www.maybank.com%01 [string of ~ 60 “%01” elided]@203.172.185.20/f/ as example. Clicking on this link will redirect the user to “http:// 203.172.185.20/f/” which tries to mimic a secure connection. This binary feature takes a value of 1 if the embedded URL starts with https://, and 0 otherwise 15. HTML form (htmlform) One of the earliest features used to collect user information directly by e-mail utilizes the FORM feature. This feature is a simple code written using HTML, which allows a form requiring the entry of user information such as usernames and passwords to be built. The FORM feature uses a button to submit this information to a
phisher account. This feature can be detected if the HTML code has a <FORM>tag. This binary feature takes a value of 1 if the message has a <form>tag, and 0 otherwise. 16. Spam features (spamfeatures) More than 90% of daily e-mails are classified as spam. Phishing e-mails comprise a subset of spam. One of the most powerful software tools available for free and is from an open source, which can classify e-mails as either spam or not, is SpamAssassin [20]. In the current work, SpamAssassin version 3.2.3.5 was used with the default rule, and using the threshold, more than 40 Boolean features were examined by the software. This binary feature takes a value of 1 if the message is classified as spam, and 0 otherwise.

Recommended

Deconstructing A Phishing Scheme
Deconstructing A Phishing SchemeDeconstructing A Phishing Scheme
Deconstructing A Phishing SchemeChristopher Duffy
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...IRJET Journal
 
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.VelmayilIJET - International Journal of Engineering and Techniques
 
Report - Final_New_phishila
Report - Final_New_phishilaReport - Final_New_phishila
Report - Final_New_phishilaAshwin Palani
 
Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spam Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spam ieijjournal
 
Iy2515891593
Iy2515891593Iy2515891593
Iy2515891593IJERA Editor
 
Apple URL Scheme Reference
Apple URL Scheme ReferenceApple URL Scheme Reference
Apple URL Scheme ReferenceThanh Nguyen
 

Recommended

Deconstructing A Phishing Scheme
Deconstructing A Phishing SchemeDeconstructing A Phishing Scheme
Deconstructing A Phishing SchemeChristopher Duffy
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...IRJET Journal
 
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.Velmayil[IJET V2I5P15] Authors: V.Preethi, G.Velmayil
[IJET V2I5P15] Authors: V.Preethi, G.VelmayilIJET - International Journal of Engineering and Techniques
 
Report - Final_New_phishila
Report - Final_New_phishilaReport - Final_New_phishila
Report - Final_New_phishilaAshwin Palani
 
Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spam Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spam ieijjournal
 
Iy2515891593
Iy2515891593Iy2515891593
Iy2515891593IJERA Editor
 
Apple URL Scheme Reference
Apple URL Scheme ReferenceApple URL Scheme Reference
Apple URL Scheme ReferenceThanh Nguyen
 
Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?NormShield
 
B2C Deliverability in 2018: A Hitchhiker's Guide
B2C Deliverability in 2018: A Hitchhiker's GuideB2C Deliverability in 2018: A Hitchhiker's Guide
B2C Deliverability in 2018: A Hitchhiker's GuideMatthew Albert
 
Normshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormShield
 
Safe Email Practices
Safe Email PracticesSafe Email Practices
Safe Email PracticesJonathan Slavin
 
Shiv seminar final
Shiv seminar finalShiv seminar final
Shiv seminar finalShivarajkumar Badiger
 
IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED
 
Detection of Phishing Websites
Detection of Phishing Websites Detection of Phishing Websites
Detection of Phishing Websites Nikhil Soni
 
What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17Eyal Doron
 
Email phising and spoofing hurting your business
Email phising and spoofing hurting your businessEmail phising and spoofing hurting your business
Email phising and spoofing hurting your businessMithi SkyConnect
 
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...CSCJournals
 
Types of impersonating
Types of impersonatingTypes of impersonating
Types of impersonatingSOCRadar Inc
 
IDN Homograph Attack and Phishing
IDN Homograph Attack and Phishing IDN Homograph Attack and Phishing
IDN Homograph Attack and Phishing Safak Aslan
 
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.IIADM
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackjournalBEEI
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
Classification with R
Classification with RClassification with R
Classification with RNajima Begum
 
Modern phishing-techniques
Modern phishing-techniquesModern phishing-techniques
Modern phishing-techniquesFarkhad Badalov
 
Learning to detect phishing ur ls
Learning to detect phishing ur lsLearning to detect phishing ur ls
Learning to detect phishing ur lseSAT Publishing House
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 
Futbol sala1
Futbol sala1Futbol sala1
Futbol sala1Marina de Guerra
 
Bab 4
Bab 4Bab 4
Bab 4wiwid9h
 
Futsal
Futsal Futsal
Futsal Marina de Guerra
 

More Related Content

What's hot

Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?NormShield
 
B2C Deliverability in 2018: A Hitchhiker's Guide
B2C Deliverability in 2018: A Hitchhiker's GuideB2C Deliverability in 2018: A Hitchhiker's Guide
B2C Deliverability in 2018: A Hitchhiker's GuideMatthew Albert
 
Normshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormShield
 
IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED
 
Detection of Phishing Websites
Detection of Phishing Websites Detection of Phishing Websites
Detection of Phishing Websites Nikhil Soni
 
What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17Eyal Doron
 
Email phising and spoofing hurting your business
Email phising and spoofing hurting your businessEmail phising and spoofing hurting your business
Email phising and spoofing hurting your businessMithi SkyConnect
 
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...CSCJournals
 
Types of impersonating
Types of impersonatingTypes of impersonating
Types of impersonatingSOCRadar Inc
 
IDN Homograph Attack and Phishing
IDN Homograph Attack and Phishing IDN Homograph Attack and Phishing
IDN Homograph Attack and Phishing Safak Aslan
 
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.IIADM
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackjournalBEEI
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
Classification with R
Classification with RClassification with R
Classification with RNajima Begum
 
Modern phishing-techniques
Modern phishing-techniquesModern phishing-techniques
Modern phishing-techniquesFarkhad Badalov
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 

What's hot (19)

Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?
 
B2C Deliverability in 2018: A Hitchhiker's Guide
B2C Deliverability in 2018: A Hitchhiker's GuideB2C Deliverability in 2018: A Hitchhiker's Guide
B2C Deliverability in 2018: A Hitchhiker's Guide
 
Normshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing Report
 
Safe Email Practices
Safe Email PracticesSafe Email Practices
Safe Email Practices
 
Shiv seminar final
Shiv seminar finalShiv seminar final
Shiv seminar final
 
IJSRED-V2I4P0
IJSRED-V2I4P0IJSRED-V2I4P0
IJSRED-V2I4P0
 
Detection of Phishing Websites
Detection of Phishing Websites Detection of Phishing Websites
Detection of Phishing Websites
 
What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17
 
Email phising and spoofing hurting your business
Email phising and spoofing hurting your businessEmail phising and spoofing hurting your business
Email phising and spoofing hurting your business
 
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...
 
Types of impersonating
Types of impersonatingTypes of impersonating
Types of impersonating
 
IDN Homograph Attack and Phishing
IDN Homograph Attack and Phishing IDN Homograph Attack and Phishing
IDN Homograph Attack and Phishing
 
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.
Digital marketing interview questions seo, smo, sem, smm, pcc, orm etc.
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attack
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
 
Classification with R
Classification with RClassification with R
Classification with R
 
Modern phishing-techniques
Modern phishing-techniquesModern phishing-techniques
Modern phishing-techniques
 
Learning to detect phishing ur ls
Learning to detect phishing ur lsLearning to detect phishing ur ls
Learning to detect phishing ur ls
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
 

Viewers also liked

Training & nutrition insider secrets for a lean body
Training & nutrition insider secrets for a lean bodyTraining & nutrition insider secrets for a lean body
Training & nutrition insider secrets for a lean bodyytbiz
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionProgrammer
 
Regional manager
Regional managerRegional manager
Regional managerSaulo Ramos
 
Network monotoring
Network monotoringNetwork monotoring
Network monotoringProgrammer
 

Viewers also liked (15)

Futbol sala1
Futbol sala1Futbol sala1
Futbol sala1
 
Bab 4
Bab 4Bab 4
Bab 4
 
Futsal
Futsal Futsal
Futsal
 
Training & nutrition insider secrets for a lean body
Training & nutrition insider secrets for a lean bodyTraining & nutrition insider secrets for a lean body
Training & nutrition insider secrets for a lean body
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Bab II
Bab IIBab II
Bab II
 
Protocols
ProtocolsProtocols
Protocols
 
Regional manager
Regional managerRegional manager
Regional manager
 
Henry wallon
Henry wallonHenry wallon
Henry wallon
 
Futbol sala
Futbol salaFutbol sala
Futbol sala
 
Psico 0 a 6 años
Psico 0 a 6 añosPsico 0 a 6 años
Psico 0 a 6 años
 
Tcp udp
Tcp udpTcp udp
Tcp udp
 
Network monotoring
Network monotoringNetwork monotoring
Network monotoring
 
Luis giron peru 2016
Luis giron peru 2016Luis giron peru 2016
Luis giron peru 2016
 
Ip and icmp
Ip and icmpIp and icmp
Ip and icmp
 

Similar to Phishing

Detecting Phishing using Machine Learning
Detecting Phishing using Machine LearningDetecting Phishing using Machine Learning
Detecting Phishing using Machine Learningijtsrd
 
Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web SpamLow Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spamieijjournal
 
Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web SpamLow Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spamieijjournal
 
An Seo’s Intro to Web Dev, HTML, CSS and JavaScript
An Seo’s Intro to Web Dev, HTML, CSS and JavaScriptAn Seo’s Intro to Web Dev, HTML, CSS and JavaScript
An Seo’s Intro to Web Dev, HTML, CSS and JavaScriptTroyfawkes
 
Ist264 sowards h_chapter7labjournal
Ist264 sowards h_chapter7labjournalIst264 sowards h_chapter7labjournal
Ist264 sowards h_chapter7labjournalHarold Sowards
 
Module 1 : Section 4 Internet Hosting
Module 1 : Section 4 Internet HostingModule 1 : Section 4 Internet Hosting
Module 1 : Section 4 Internet Hostingwebhostingguy
 
IT8005 Electronic Commerces Notes UNIT 1
IT8005 Electronic Commerces Notes UNIT 1IT8005 Electronic Commerces Notes UNIT 1
IT8005 Electronic Commerces Notes UNIT 1ArunsunaiComputer
 
Html advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formsHtml advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formssatish 486
 
Chapter 12 A Manager’s Guide to the Internetand Telecommuni
Chapter 12 A Manager’s Guide to the Internetand TelecommuniChapter 12 A Manager’s Guide to the Internetand Telecommuni
Chapter 12 A Manager’s Guide to the Internetand TelecommuniEstelaJeffery653
 
Website development-osgl
Website development-osglWebsite development-osgl
Website development-osglpriyanka sharma
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityChris Hillman
 
Web Server Web Site Security
Web Server Web Site SecurityWeb Server Web Site Security
Web Server Web Site SecuritySteven Cahill
 
How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...
How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...
How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...terihagh
 
Mengelola isi halaman web1 eng
Mengelola isi halaman web1 engMengelola isi halaman web1 eng
Mengelola isi halaman web1 engEko Supriyadi
 
Unit 8 ecommerce p1
Unit 8 ecommerce p1Unit 8 ecommerce p1
Unit 8 ecommerce p1IronCheese
 

Similar to Phishing (20)

Detecting Phishing using Machine Learning
Detecting Phishing using Machine LearningDetecting Phishing using Machine Learning
Detecting Phishing using Machine Learning
 
Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web SpamLow Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spam
 
Low Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web SpamLow Cost Page Quality Factors To Detect Web Spam
Low Cost Page Quality Factors To Detect Web Spam
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In Phishing
 
Phishing
PhishingPhishing
Phishing
 
Web Designing
Web Designing Web Designing
Web Designing
 
An Seo’s Intro to Web Dev, HTML, CSS and JavaScript
An Seo’s Intro to Web Dev, HTML, CSS and JavaScriptAn Seo’s Intro to Web Dev, HTML, CSS and JavaScript
An Seo’s Intro to Web Dev, HTML, CSS and JavaScript
 
Xssandcsrf
XssandcsrfXssandcsrf
Xssandcsrf
 
Ist264 sowards h_chapter7labjournal
Ist264 sowards h_chapter7labjournalIst264 sowards h_chapter7labjournal
Ist264 sowards h_chapter7labjournal
 
Module 1 : Section 4 Internet Hosting
Module 1 : Section 4 Internet HostingModule 1 : Section 4 Internet Hosting
Module 1 : Section 4 Internet Hosting
 
IT8005 Electronic Commerces Notes UNIT 1
IT8005 Electronic Commerces Notes UNIT 1IT8005 Electronic Commerces Notes UNIT 1
IT8005 Electronic Commerces Notes UNIT 1
 
Html advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formsHtml advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web forms
 
Chapter 12 A Manager’s Guide to the Internetand Telecommuni
Chapter 12 A Manager’s Guide to the Internetand TelecommuniChapter 12 A Manager’s Guide to the Internetand Telecommuni
Chapter 12 A Manager’s Guide to the Internetand Telecommuni
 
Website development-osgl
Website development-osglWebsite development-osgl
Website development-osgl
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Web Server Web Site Security
Web Server Web Site SecurityWeb Server Web Site Security
Web Server Web Site Security
 
Webbasics
WebbasicsWebbasics
Webbasics
 
How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...
How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...
How to Make SEO-friendly URLs that can Improve Your Search Engine Ranking & A...
 
Mengelola isi halaman web1 eng
Mengelola isi halaman web1 engMengelola isi halaman web1 eng
Mengelola isi halaman web1 eng
 
Unit 8 ecommerce p1
Unit 8 ecommerce p1Unit 8 ecommerce p1
Unit 8 ecommerce p1
 

Recently uploaded

ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 

Recently uploaded (20)

ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 

Phishing

  • 1. Phishing e-mail features 1. Non-matching between the target and text of URLs (Tardiflink) Phishers commonly use e-mails supported by HTML so that they can display links that appear to be from a legitimate Web site, such as paypal.com. However, the link is actually a URL that redirects the user to phishingsite.com. This feature depends on the verification of all URLs. The comparison is done between portions of text linked in the URL and parts of the HREF. If these items have different hosts, the probability of an e-mail being a phishing e-mail is increased. An example is <a HREF =”http://www.phishingsite.com">http://www.paypal.com </a>, which is a binary feature that takes a value of 1 if there is non-matching of URLs, and 0 otherwise. 2. Using IP address (ipaddress) A number of phishers depend on their PCs as hosts for a phishing Web site. However, these PCs sometimes do not have DNS entries. Therefore, the easiest way to hide the normal form of a URL is to use IP addresses. Legitimate companies rarely use an IP address as a link page. We take (http://218.56.77.130/paypal.com) as example. For this feature, if an e-mail message has a link similar to an IP address, the probability of the e-mail being a phishing e-mail is increased. This is a binary feature that takes a value of 1 if the e-mail contains a URL similar to an IP address, and 0 otherwise. 3. Difference between sender domains with the domain of embedded links (diffsenlindom) When the link embedded in the HTML does not equal the sender’s domain, it is most likely a phishing e-mail. For example, an e-mail may contain the following information: From: identdep_op720@southtrust.com, URL link: http://accounts.keybank.com. This is a binary feature. Therefore, if the domain name in the “from “field does not equal the domain name in the URL (embedded HTML), the value of this feature is 1, and 0 otherwise. 4. Number of links (nulinks) One of the features of a phishing e-mail is a number of links embedded in HTML parts. In the proposed model, links are distinguished based on tags <a> with HREF. This feature includes “mail to:” links. After analyzing the data set, this binary feature takes a value of 1 if there are more than three embedded links, and 0 otherwise.
  • 2. 5. Number of different domains (nudiffdomain) The main part of a domain name which starts with http:// or https:// is extracted for all URLs starting with http:// or https://. In the present work, the main part of a link is assumed to include the section after the first dot up to the first slash (“/”) if the link has a long domain name. For example, the “main” part of www.sg.echool.edu is sg.echool.edu, and the “main” part of www.jordan.com is jordan.com. After this process, the number of different domains is calculated. After analyzing 4,000 phishing and ham e-mails, many phishing e-mails were found to have more than three domains. Therefore, this feature takes a value of 1 if the number of different domains is more than three, and 0 otherwise. 6. Number of dots in a domain (nodot) Attackers utilize many methods to stage a phishing attack. One method depends on the inclusion of a sub-domain. We take http://www.may-bank. update.data.com as example. This link appears to be hosted by Maybank, but it is actually not. There are four dots in the domain. Generally, a legitimate company will have no more than three dots on its domain name. Therefore, this feature depends on determining the maximum number of dots. It takes a value of 1 if there are more than three dots in the domain, and 0 otherwise. 7. Click here (clickhere) Many phishers use words like “click here,” “click,” or “here” in the text portion of their links in order to hide a suspicious domain name. When users click on such words, they are redirected to a phishing Web site. We take <a HREF="http://61.119.228.47/.eBay/” >click here</A> as example. If an e-mail message has one of the three words mentioned above, it is flagged as a phishing e-mail. This binary feature takes a value of 1, and 0 otherwise. 8. Pictures used as links (NoPicLinks) Some attackers use an image as a link to hide fraudulent URLs. We take <img src="http://www.paypalobjects.com/en_US " </a> as example. The maximum number of images used as a link is calculated based on the tag “<img src=URL</a>” embedded in the HTML. After analysis, this binary feature takes a value of 1 if there are more than two pictures used as links, and 0 otherwise. 9. HTML e-mail (html e-mail) At present, creating a phishing e-mail is difficult without using an HTML code because an HTML code enables an embedded link to connect directly to other Web sites. The presence of an HTML code in an e-mail can be determined using MIME types. If the MIME type is either text/html or a multipart/alternative, an HTML code is embedded in the message. This is a binary feature takes a value of 1 if no HTML code is embedded, and 0 otherwise.
  • 3. 10. Use of JavaScript (jascript) One of the primary methods used by an attacker to build a phishing e-mail is the use of java script because with this simple language, the phisher can program pop-up windows. The phisher can then change the status bar of a Web browser, enabling him/her to build a complex attack using an embedded script code inside a link. An e-mail message can be determined to have a java script by the tag “JavaScript” or <script>. This binary feature takes a value of 1 if the message has a java script code, and 0 otherwise. 11. Non-standard port in the URL (nonstport) A server accesses Web pages using ports, and a few phishers use non-standard ports to hide their identity and location. Web pages use port 80 as default, and some normal ports such as 443 are used by legitimate companies. The port number in a URL link comes after a colon. For example, in http://www.paybankonline.com:ac@50.28.170.70:8030/, :8030 represents the port number. This is a binary feature that takes a value of 1 if the e-mail message uses a port other than 80 or 443, and 0 otherwise. 12. URL containing hexadecimal characters or @ symbol (hexorat) Some attackers use hexadecimal character codes to hide embedded URLs. Attackers can write an IP address using the “%” symbol to build a hexadecimal number. Sometimes, they use the “@” symbol to confuse users. This binary feature takes a value of 1 if the message URL contains either the “%”or @ symbol, and 0 otherwise. 13. Message size (messize) Message size refers to the size of an e-mail in bytes. Most phishing e-mails have a size of less than 25 kb. However, based on a semantic report [19], more than 90% of phishing e-mails have a size of less than 20 kb. Therefore, this binary feature takes a value of 1 if the message size is less than 25 kb, and 0 otherwise. 14. Faking a secure connection (facksecon) One of the most fraudulent applications used by phishers utilizes URLs that begin with “https://” (instead of using “http://”) to trick users into believing that the link is a legitimate URL supported by a Secure Sockets Layer certificate. We take https://www.maybank.com%01 [string of ~ 60 “%01” elided]@203.172.185.20/f/ as example. Clicking on this link will redirect the user to “http:// 203.172.185.20/f/” which tries to mimic a secure connection. This binary feature takes a value of 1 if the embedded URL starts with https://, and 0 otherwise 15. HTML form (htmlform) One of the earliest features used to collect user information directly by e-mail utilizes the FORM feature. This feature is a simple code written using HTML, which allows a form requiring the entry of user information such as usernames and passwords to be built. The FORM feature uses a button to submit this information to a
  • 4. phisher account. This feature can be detected if the HTML code has a <FORM>tag. This binary feature takes a value of 1 if the message has a <form>tag, and 0 otherwise. 16. Spam features (spamfeatures) More than 90% of daily e-mails are classified as spam. Phishing e-mails comprise a subset of spam. One of the most powerful software tools available for free and is from an open source, which can classify e-mails as either spam or not, is SpamAssassin [20]. In the current work, SpamAssassin version 3.2.3.5 was used with the default rule, and using the threshold, more than 40 Boolean features were examined by the software. This binary feature takes a value of 1 if the message is classified as spam, and 0 otherwise.