Phishing is a schema of online identity theft and most of the hacker uses these techniques to collect personal information from unsuspecting victims. The identification of phishing techniques can be done in various methods of communications like email, phone or at web page level. Phishing email contains messages like ask the users to enter the personal information so that it is easy for hackers to hack the information. To finish phishing many detection and prevention techniques has been made with their own advantages and disadvantages respectively, but phishing has not been demolished completely yet. In this paper, we have studied Phishing and its types in detail, Anti-Phishing Strategies and Anti-Phishing Techniques.
Phishing sometime comes, around the year 1995; these types of frauds were rarely known by everyday people until nearly ten years later. Now a day’s most of the attacks have become major problem in networks. Security is needed to protect the data from different attacks. There are mainly two types of attacks Active attack and Passive attack. Passive attack is known as Phishing. Phishing is a continual threat and is majorly done in social media such as Facebook and Twitter. Phishing emails contain link to the influence the website. Phishing email direct the user to the infected website where they are asked to enter the personal information, so that the website will hack the information whatever the user enters. Attacks will intrude into the network framework and collect the information needed to cause perceptivity to the networks.
An entire phishing attack related to the roles of phisher. At the first time mailers send out huge number of fake e-mails which directs uses to fraudulent websites, Then collector set up fraudulent websites which active quickly users to provide private information. At last cashers use the confidential information to achieve a payout.
Types of Phishing Attacks:
Deceptive phishing is the most usually use type of phishing scam. These types of frauds occur when an identified source emails you in order to adjustment the information. Typically, these emails request that you:
- Re-enter information, such as logins or passwords
- Verify account information
- Request that you change your password
- Make a payment.
Once this information is entering into the input, hackers can access private information in your accounts and then use of the sensitive information in order to steal payment card information, sell your personal information or otherwise use your sensitive information for gain.
The achievement of a deceptive phish hinges on how approximately the attack email resembles an authentic company’s official correspondence. As a result, users should must be inspect all URLs carefully to see if they redirect to an anonymous website. They should also look out for generic greeting, grammar mistakes, and spelling errors greeting throughout the email.
Spear phishing targets at specific group .Spear phishing is a, which need your information in order to trick you into thinking you have a relationship with the sender. Information that is use of includes full name, semi-private information, or other position information.
Email or electronic communications Foard targeted towards a specific individual, organization or business. Spear-phishing can easily be distracted with phishing because of Phishing and Spear-phishing they both are online attacks on users that targeted to acquire Private Information. Spear-phishing attacks aim to a specific victim and messages are altered to specifically location that victim, denotation coming from an entity that they are common, with and containing private information.
A Phisher could forge a website that looks similar to an authentic website so that the victims may think this is the genuine site and enter the private information which is collected by the phisher. Web spoofing can give the information to the attacker to create a “duplicate copy” of the whole world wide web. Attack is similar like con game and online fraud.
- URL Rewriting
A man-in-the-middle attack frequently refers to an attack in which an attacker in hidden Manner intercepts the electronic messages given between the sender and receiver and then acquirement, Insert and modify message during message transmission.
A man-in-the-middle attack uses Trojan horses to intercept Private information.
Man-in-the-middle is a type of eavesdropping attack that incurs when a malicious actor inserts himself as a relay/proxy into a communication session in the middle people or systems. A MITM attack exploits the conversations or transfer of other data and real-time processing of transactions.
Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them without either external party knowing until it is too late.
Anti-Phishing is a service that can be help to detect unauthorized access to secure the information. Anti-Phishing is based on the premise that for not knowledgeable, non-technically users, it is better for an application to attempt to check the trustworthiness of a web site on behalf of the user. Anti-Phish is an application that is integrated into the web browser. In general anti-phishing techniques can be classified into following categories:
Content Filtering is also known as information filtering. Content filtering typically works by specifying character strings that, if matched, indicate undesirable content that is to be screened out. Critics of content filtering programs point out that it is not difficult to unintentionally exclude desirable content. In such a usage content filtering is serving a security purpose, but content filtering is also used to implement company policies related to information system usage.
It is a collection of known phishing Web sites/addresses published by trustworthy entities like Google’s and Microsoft’s black list. It necessary both a client & a server component. The client part is implemented as either an email or browser plug-in that communicated with a server part, which in this case is a public Web site that provides a list of known phishing sites.
Symptom-based prevention analyses the content of each Web page the user visits and attacks.
Communicate with the employees that if they receive e-mail or Web requests for impressionable information, they are restricted from sharing or disclosing any such information to any party external the firm without a written agreement approved in writing by a supervisor. This removes the element of immediately that is a common characteristic of phishing requests.
Employees who receive such emails at work are necessary to report it to their supervisor urgently. In most cases, this also applies to telephone contact as well.
Fake ATM (automated bank machine) keypads are most frequently placed in drive-through banks. Always use indoor ATMs or communicate directly with bank tellers.
Never give outside banking or financial information unless it is in a branch of the bank or by phoning a listed phone number for the financial institution. SINs, PINs or passwords must never be discovering to anyone.
Urgent e-mail requests from individual client or company contacts that are not directly known by you must never be acknowledged. Links contained within those e-mails should never be opened. Always ensure by telephone that the person who requests urgent information is who they say they are. For any sensitive, urgent information of a financial or business nature, refer the matter to your supervisor. The only exception is for work directly related to a project, where you clearly know your interlocutor.