Preventing Phishing and Identity Theft at Client Side
S. Sri Harsha1, V. Kavitha2, A.V Naga Chary3, Ch. Supraja4
1 Assistant Professor, AbdulKalam Institute of Technological sciences, Kothagudem, Khammam, AP-507120
2 Assistant Professor, AbdulKalam Institute of Technological sciences, Kothagudem, Khammam, AP-507120
3 Assistant Professor, AbdulKalam Institute of Technological sciences, Kothagudem, Khammam, AP-507120
4 Assistant Professor, AbdulKalam Institute of Technological sciences, Kothagudem, Khammam, AP-507120
Abstract—Phishing is a type of attack where the attacker creates a replica of an existing Web page to fool users into submitting personal, financial, or any other sensitive data like password data to what they think is their service provider’s Website. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Recent victims include Charlotte’s Bank of America, Best Buy and eBay, where people were directed to web pages that looked nearly identical to companies’ sites. This paper proposes an anti-phishing algorithm, by utilizing the generic characteristics of the hyperlinks in phishing attacks. This algorithm checks for the genuineness of the URL by analyzing the phishing data archive provided by the Anti-Phishing Working Group (APWG). Because it is based on the generic characteristics of phishing attacks, this algorithm can detect not only known but also unknown phishing attacks.
Index Terms—Network security, Phishing attacks, Hyperlink, Identity Theft
Phishing is the new 21st century crime. The global media runs stories on an almost daily basis covering the latest organisation to have its customers targeted and how many victims succumbed to the attack. Phishing was first used in 1996 by hackers to steal America Online (AOL) accounts by scamming passwords from AOL users. Phishing is a new word produced from ‘fishing’, in which criminals fish for financial information from the sea of online consumers using fraudulent emails as bait. It refers to the act in which the attacker misleads the user into visiting a dummy web site by sending fake e-mails and stealthily obtains the victim’s personal information such as user id, password, bank account or credit card number, and so on, which is all the data necessary to commit identity theft.
The Anti-Phishing Working Group received 1197 unique phishing email messages in May 2004, averaging 38.6 a day, whereas the unique phishing reports reached a Q1 2010 high of 30,577 in March. The top three phishing site hosting countries are the USA (61.62%), China (4.35%) and Germany (3.59%). This is part of a very clear trend in which the number of attacks is increasing without showing any signs of slowing.
This paper proposes an algorithm which analyses the hyperlinks in phishing e-mails. This analysis is based on the characteristics of hyperlinks which are listed below.
1) The visual link and the actual link are not the same;
2) The attackers often use a dotted decimal IP address instead of a DNS name;
3) Special tricks are used to encode the hyperlinks maliciously;
4) The attackers often use fake DNS names that are similar (but not identical) to the target website.
While it is not possible to stop phishing attempts, it is quite possible to make them ineffective.
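The four hyperlink characteristics listed above can each be turned into a client-side check. The following is an added example, not the algorithm from the paper: the function names, the list of known domains, the similarity threshold and the choice of percent-escapes and `@` as the "encoding tricks" are assumptions made for illustration.

```python
import ipaddress
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed list of sites the user really deals with (an assumption of this example).
KNOWN_DOMAINS = ["paypal.com", "ebay.com", "bankofamerica.com"]
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

def split_host(url):
    """Return (hostname, authority) of a URL; empty strings if unparsable."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        return (parts.hostname or "").lower(), parts.netloc
    except ValueError:
        return "", ""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(visual_text, href, known=KNOWN_DOMAINS, threshold=0.8):
    """Return the set of phishing characteristics the hyperlink exhibits."""
    flags = set()
    host, authority = split_host(href)
    text = visual_text.strip()
    # 1) Visual link names a host that differs from the actual link's host.
    if URL_LIKE.match(text) and split_host(text)[0] != host:
        flags.add("visual_mismatch")
    # 2) Dotted-decimal IP address instead of a DNS name.
    if is_ip(host):
        flags.add("ip_address")
    # 3) Encoding tricks (assumed here: percent-escapes or userinfo '@' in the authority).
    if "%" in authority or "@" in authority:
        flags.add("encoded_link")
    # 4) DNS name similar, but not identical, to a known site.
    #    Simplification: the last two labels stand in for the registered domain.
    if host and not is_ip(host):
        domain = ".".join(host.split(".")[-2:])
        if domain not in known and any(
            SequenceMatcher(None, domain, k).ratio() >= threshold for k in known
        ):
            flags.add("lookalike_domain")
    return flags
```

A mail client or browser extension would call `check_link` with the anchor text and the `href` of every link in a message and warn the user when the returned set is not empty.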
2. EMAIL FRAUD
Email fraud involves a deliberate attempt by the sender to defraud using email as the contact mechanism. Fraudulent email is becoming a dangerous force, capturing the attention of the media, corporate executives, legislators, and consumers. This rapidly increasing category ranges from simple scams to more complex attempts to perpetrate online identity theft or misrepresent the brand...