Proceedings Article, DOI: 10.1109/ICSCCC.2018.8703343

Analysis and Prevention of Phishing Attacks in Cyber Space

01 Dec 2018
Abstract: Nowadays the internet has become a very unsafe space to deal with. Hackers are constantly trying to gain the user’s personal information, and detailed credentials. Although many websites on the internet are safe, this safety cannot be assured by all websites. These rule breakers avoid abiding by rules, and try to employ methods like trickery and hacking to gain illegal access to private information. To be able to overcome this problem, we need to first understand the intricacies of how the virus is designed. This paper mainly deals with the analysis of phishing attacks in the cyberspace and any malicious content that is associated with the web, and is carried out within the browser. The files which are downloaded with virus, and involve third party applications from the PC, cannot be checked for virus. For instance, if there is a word file that is downloaded to the PC, it uses apps outside the web in the VM, and hence cannot be controlled by the VM.

Topics: Phishing (59%), The Internet (54%), Personally identifiable information (51%)

Citations

Open access Journal Article
Bryan Parno, Cynthia Kuo, Adrian Perrig
Abstract: Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confidence in an institution. Phishing attacks succeed by exploiting a user's inability to distinguish legitimate sites from spoofed sites. Most prior research focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process will enhance security and eliminate many forms of fraud. We propose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware. We demonstrate the practicality of our system with a prototype implementation.

Topics: Phishing (65%), Spoofed URL (61%), Spoofing attack (53%)

183 Citations

References

Proceedings Article, DOI: 10.1145/1124772.1124861
22 Apr 2006
Abstract: To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why. This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time. We also found that some visual deception attacks can fool even the most sophisticated users. These results illustrate that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed.

Topics: Phishing (61%), Tabnabbing (59%), Spoofed URL (56%)

1,281 Citations


Journal Article, DOI: 10.1145/1290958.1290968
Abstract: Sometimes a "friendly" email message tempts recipients to reveal more online than they otherwise would, playing right into the sender's hand.

Topics: Phishing (62%), Tabnabbing (57%)

953 Citations


Open access Proceedings Article, DOI: 10.1145/1242572.1242660
Ian Fette, Norman Sadeh, Anthony Tomasic
08 May 2007
Abstract: Each month, more attacks are launched with the aim of making web users believe that they are communicating with a trusted entity for the purpose of stealing account information, logon credentials, and identity information in general. This attack method, commonly known as "phishing," is most commonly initiated by sending out emails with links to spoofed websites that harvest information. We present a method for detecting these attacks, which in its most general form is an application of machine learning on a feature set designed to highlight user-targeted deception in electronic communication. This method is applicable, with slight modification, to detection of phishing websites, or the emails used to direct victims to these sites. We evaluate this method on a set of approximately 860 such phishing emails, and 6950 non-phishing emails, and correctly identify over 96% of the phishing emails while only mis-classifying on the order of 0.1% of the legitimate emails. We conclude with thoughts on the future for such techniques to specifically identify deception, specifically with respect to the evolutionary nature of the attacks and information available.

Topics: Phishing (63%), Spoofed URL (59%), Tabnabbing (59%)

586 Citations


Proceedings Article, DOI: 10.1145/1073001.1073009
Rachna Dhamija, J. D. Tygar
06 Jul 2005
Abstract: Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. We describe the design of an extension to the Mozilla Firefox browser that implements this scheme. We present two novel interaction techniques to prevent spoofing. First, our browser extension provides a trusted window in the browser dedicated to username and password entry. We use a photographic image to create a trusted path between the user and this window to prevent spoofing of the window and of the text entry fields. Second, our scheme allows the remote server to generate a unique abstract image for each user and each transaction. This image creates a "skin" that automatically customizes the browser window or the user interface elements in the content of a remote web page. Our extension allows the user's browser to independently compute the image that it expects to receive from the server. To authenticate content from the server, the user can visually verify that the images match. We contrast our work with existing anti-phishing proposals. In contrast to other proposals, our scheme places a very low burden on the user in terms of effort, memory and time. To authenticate himself, the user has to recognize only one image and remember one low entropy password, no matter how many servers he wishes to interact with. To authenticate content from an authenticated server, the user only needs to perform one visual matching operation to compare two images. Furthermore, it places a high burden of effort on an attacker to spoof customized security indicators.

Topics: Trusted path (60%), Web server (59%), User interface (59%)

567 Citations


Open access Proceedings Article
01 Jan 2004
Abstract: Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. We discuss some aspects of common attacks and propose a framework for client-side defense: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack. While the plugin, SpoofGuard, has been tested using actual sites obtained through government agencies concerned about the problem, we expect that web spoofing and other forms of identity theft will be continuing problems in

Topics: Web page (61%), Spoofing attack (60%), Identity theft (59%)

470 Citations


Performance
Metrics
No. of citations received by the Paper in previous years
Year: 2006, Citations: 1