Phishing is a type of online security attack where attackers create fake websites to steal users' personal or financial information. The document proposes an anti-phishing system called "Phish-Secure" that uses three-factor authentication to detect and prevent phishing attacks. It verifies websites by comparing images to databases, checking URLs, blacklisting known phishing IP addresses, and validating destination IP addresses. The system aims to reduce phishing by accurately identifying legitimate websites versus fraudulent impersonations.
2. • Phishing basics
• Introduction
• Flow of information in phishing attack
• Phishing attacks
• Common procedure of phishing attack
• Approaches to prevent phishing attack
• Proposed system
• Flow chart
• Conclusion
• Reference
3. • What is phishing?
• Why it is called phishing?
• Pronounced as “fishing”.
• The word has its origin in two words:
“password harvesting”, or fishing for passwords.
• Also known as “brand spoofing”.
4. Phishing is a kind of online security attack in which the attacker creates a replica of
an existing web page to fool users in order to steal their personal, financial, or
password data.
Phishing often directs users to enter details in a fake website whose URL, look and
feel are almost identical to the legitimate one.
The current anti-phishing system has failed to prevent phishing completely.
An anti-phishing algorithm is proposed, termed “Phish-Secure”.
Phish-Secure utilizes a three-factor authentication system which successfully
detects and prevents all phishing attacks.
5. 1. A deceptive message is sent from the phishers to the
user.
2. A user provides confidential information to a phishing
server (normally after some interaction with the server).
3. The phishers obtain the confidential information from the
server.
4. The confidential information is used to impersonate the
user.
5. The phishers obtain illicit monetary gain.
6. Phishing by URL Obfuscation
For example, the customer may follow a link to
http://www.mybank.com.ch/ instead of the original link
http://www.mybank.com/.
This is a fake website for Facebook which looks the same
as the legitimate website.
www.sanagustinturismo.co/Facebook/
7. Pharming
Pharming is an attack that aims to redirect a website's
traffic to another, bogus website.
Pharming can be conducted by either DNS poisoning or HOSTS file
modification.
DNS poisoning
The attacker hacks into the DNS server and changes the IP address for
www.targetsite.com to the IP of www.targetsite1.com (fake page).
So if the user enters the URL in the address bar, the computer queries the DNS server
for the IP address of www.targetsite.com.
Since the DNS server has already been poisoned by the attacker, it returns the IP
address of www.targetsite1.com (fake page).
The user will believe it is the original website, but it is a phishing page.
8. HOSTS file modification
This method is local DNS poisoning.
The hosts file contains domain names and the IP addresses associated with them. Your
hosts file will be in this path:
The attack changes the entries in the hosts file so that the original website points to some other
fake page.
Other types of pharming attacks involve Trojan horses, worms or other
technologies that attack the browser address bar, thus redirecting you
to a fraudulent website when you type in a legitimate address.
9. Man-in-the-middle Attacks
In this type of attack, the attacker situates themselves
between the customer and the real web-based
application, and proxies all communications between the
systems.
For this, the attacker must redirect the user to his proxy
server instead of the real server. This may be carried out
through:
• DNS Cache Poisoning
• URL Obfuscation
10. Phishing attacks are performed with the following steps:
1) Phishers set up a fake website which looks exactly like the
legitimate website, which includes setting up the web server
and creating web pages similar to those of the destination website.
2) The user receives the e-mail, opens it, clicks the spoofed
hyperlink in the e-mail, and inputs the required information.
11. There are several technical and non-technical ways to prevent
phishing attacks:
Educate users to understand how phishing attacks work and to
be alert when phishing-like e-mails are received.
Use technical methods to stop phishing attackers.
Here, we focus only on the technical aspect.
12. Technical approaches to prevent “phishing” attacks.
Detect and block phishing in time
If phishing websites are detected in time, we can block the sites and prevent
phishing attacks.
DNS Scan
The webmaster of a legitimate website periodically scans the root DNS for
suspicious sites (e.g. www.icci.com vs. www.icici.com).
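The DNS scan idea above, sketched as an added example that is not part of the original slides: it flags observed hostnames that are a near-miss spelling of a protected name (icci vs. icici) or that use the protected name as a prefix (the mybank.com.ch pattern). The observed list, the function names and the distance threshold of 2 are assumptions.

```python
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(candidate: str, protected: str, max_dist: int = 2) -> str:
    c, p = normalize(candidate), normalize(protected)
    if c == p:
        return "legitimate"
    if c.startswith(p + "."):            # www.mybank.com.ch style
        return "suspicious: protected name used as prefix"
    if edit_distance(c, p) <= max_dist:  # www.icci.com style
        return "suspicious: near-miss spelling"
    return "unrelated"

def scan(observed, protected):
    """Return only the observed hostnames that need a human look."""
    verdicts = {h: classify(h, protected) for h in observed}
    return {h: v for h, v in verdicts.items() if v.startswith("suspicious")}

# Constructed sample of observed hostnames (not real scan output).
OBSERVED = ["www.icici.com", "www.icci.com",
            "www.icici.com.example", "www.example.org"]

if __name__ == "__main__":
    for host, verdict in scan(OBSERVED, "www.icici.com").items():
        print(host, "->", verdict)
```

A fixed distance threshold produces false positives for very short names, so the flagged list is a review queue rather than a verdict.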
13. Enhance the security of the websites
Business websites can adopt new methods to guarantee the security of
users' personal information.
One method to enhance security is to use hardware devices.
For example, Barclays bank provides a hand-held card reader to its users.
Use biometric characteristics (e.g. voice, fingerprint, iris, etc.) for user
authentication.
Install online anti-phishing software on users' computers
Users install anti-phishing tools on their computers.
The anti-Phishing tools are categorized as:
blacklist/White list based.
14. A. Image Similarity Detection:
Image similarity detection is used to find out which
page the user intends to visit; that page is then checked for phishing.
For this purpose, the system captures an image of the webpage at a
particular resolution in the required format. This image is termed the
visual image.
An attacker who creates a phishing site uses a
replica of the original webpage in order to fool users.
Phish-Secure makes a comparison to find the similarity between
the visited page and the page in the database.
15. Table of Sample Database Structure
The similarity is expressed as a percentage; if the percentage of
similarity (PS) is greater than 99 %, Phish-Secure concludes which
website the user intends to visit.
16. B. Factor 1: URL Verification.
When the user visits any site, Phish-Secure immediately grabs the URL
of the visited page. If the visited page URL is encoded, Phish-Secure
decodes it.
Then a comparison is made between the actual URL and the visual URL. If
they are the same, further verification is carried out. If they
are different, Phish-Secure identifies the website as phishing.
17. C. Factor 2: Blacklisting (Based on IP):
When the user visits a webpage, Phish-Secure grabs the destination IP,
which shows the IP address the user is connecting
to; this is referred to as V_IP (Visual IP).
If an attacker's web server IP address has already been found guilty, that
IP is blacklisted.
Phish-Secure checks the V_IP against this blacklist and warns the user on a match.
If the V_IP is not found in the blacklist, further
verification is done in the following step.
18. D. Factor 3: Layer 3’s Destination Address
Verification:
Phish-Secure grabs the actual list of IP addresses of the provider
to which the user intends to connect.
This list of IP addresses is referred to as
actual IP [ ] and is checked against the V_IP (i.e. the IP address to
which the user is connecting).
If the two IP addresses are the same, Phish-Secure identifies the
site as genuine and returns an "authenticated" message.
If there is a mismatch in this verification,
Phish-Secure identifies the site as phishing and warns the user.
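The decision flow of steps A to D, as an added example that is not code from the original slides or from the Phish-Secure authors. It assumes the image comparison has already produced a PS value per database site, compares URLs by decoded hostname, and returns "unknown" when no page exceeds the 99 % threshold (the slides do not state that outcome); the record fields, function names and all sample data are constructed.

```python
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

PS_THRESHOLD = 99.0  # the slides require PS greater than 99 %

@dataclass(frozen=True)
class SiteRecord:
    """One reference-database row (field names are assumptions)."""
    actual_url: str
    actual_ips: frozenset

def host_of(url: str) -> str:
    """Decode an encoded URL, then return its lower-cased hostname."""
    return (urlsplit(unquote(url)).hostname or "").lower()

def phish_secure(visited_url, v_ip, similarity, db, blacklist):
    """similarity maps site name -> PS (percent) from the image comparison."""
    site, ps = max(similarity.items(), key=lambda kv: kv[1],
                   default=(None, 0.0))
    if ps <= PS_THRESHOLD:
        return "unknown: no database page matched"  # outcome assumed here
    record = db[site]
    # Factor 1: the visited (visual) URL must match the actual URL's host.
    if host_of(visited_url) != host_of(record.actual_url):
        return "phishing: URL mismatch"
    # Factor 2: V_IP must not be on the blacklist.
    if v_ip in blacklist:
        return "phishing: blacklisted IP"
    # Factor 3: V_IP must be one of the provider's actual IPs.
    if v_ip in record.actual_ips:
        return "authenticated"
    return "phishing: destination IP mismatch"

# Constructed sample data (documentation-range IP addresses).
DB = {"mybank": SiteRecord("http://www.mybank.com/",
                           frozenset({"192.0.2.10", "192.0.2.11"}))}
BLACKLIST = {"203.0.113.66"}
LOOKS_LIKE_MYBANK = {"mybank": 99.7}

if __name__ == "__main__":
    cases = [("http://www.mybank.com/login", "192.0.2.10"),    # genuine
             ("http://www.mybank.com%2Ech/", "198.51.100.7"),  # encoded URL
             ("http://www.mybank.com/login", "198.51.100.7"),  # poisoned DNS
             ("http://www.mybank.com/login", "203.0.113.66")]  # known bad IP
    for url, ip in cases:
        print(url, ip, "->",
              phish_secure(url, ip, LOOKS_LIKE_MYBANK, DB, BLACKLIST))
```

The third case is the pharming scenario: the URL is correct, so only the destination IP check in Factor 3 exposes the redirect.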
19.
20. Phishing has become a serious online security threat which causes loss
of sensitive data, which in turn causes losses of billions of dollars to both
consumers and e-commerce companies.
In this work, ‘Phish-Secure’, an anti-phishing algorithm, has been designed.
Phish-Secure is capable of detecting both known and unknown phishing
attacks. Phish-Secure verifies whether the user is connected to the
website to which he actually intends to connect.
Since this is based on verification of the destination server's IP address,
the probability of a phishing attack is drastically reduced.