A phishing vulnerability analysis of web based systems

Yu, Weider D.; Nargundkar, S.; Tiruthani, Nagapriya

doi:10.1109/iscc.2008.4625681

Cited by 36 publications

(21 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A phisher uses social engineering practices to defraud honest Internet users into providing their financial and personal information (Yu, Nargundkar and Tiruthani 2008). Phishers know that the Internet users seem to be the weakest link in the protection chain.…”

Section: Human Vs Automatic Based Protectionmentioning

confidence: 99%

Tutorial and critical analysis of phishing websites methods

Mohammad

Thabtah

McCluskey

2015

Computer Science Review

130

View full text Add to dashboard Cite

The Internet has become an essential component of our everyday social and financial activities.Internet is not important for individual users only but also for organizations, because organizations that offer online trading can achieve a competitive edge by serving worldwide clients. Internet facilitates reaching customers all over the globe without any market place restrictions and with effective use of e-commerce. As a result, the number of customers who rely on the Internet to perform procurements is increasing dramatically. Hundreds of millions of dollars are transferred through the Internet every day. This amount of money was tempting the fraudsters to carry out their fraudulent operations. Hence, Internet users may be vulnerable to different types of web threats, which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customers' confidence in e-commerce and online banking. Therefore, suitability of the Internet for commercial transactions becomes doubtful. Phishing is considered a form of web threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain user's confidential credentials such as usernames, passwords and social security numbers. In this article, the phishing phenomena will be discussed in detail. In addition, we present a survey of the state of the art research on such attack. Moreover, we aim to recognize the up-to-date developments in phishing and its precautionary measures and provide a comprehensive study and evaluation of these researches to realize the gap that is still predominating in this area. This research will mostly focus on the web based phishing detection methods rather than email based detection methods. INTRODUCTIONAlthough phishing is a relatively new web-threat, it has a massive impact on the commercial and online transaction sectors. Presumably, phishing websites have high visual similarities to the legitimate ones in an attempt to defraud the honest people. Social engineering and technical tricks are commonly combined together in order to start a phishing attack. Typically, a phishing attack starts by sending an e-mail that seems authentic to potential victims urging them to update or validate their information by following a URL link within the e-mail. Predicting and stopping phishing attack is a critical step toward protecting online transactions. Several approaches were proposed to mitigate these attacks. Nonetheless, phishing websites are expected to be more sophisticated in the future. Therefore, a promising solution that must be improved constantly is needed to keep pace with this continuous evolution. Anti-phishing measures may take several forms including: legal, education and technical solutions. To date, there is no complete solution able to capture every phishing attack. The Internet community has put in a considerable amount of effort into defensive techniques against phishing. However, the problem is continuously evolving and ever more complicated decept...

show abstract

Section: Human Vs Automatic Based Protectionmentioning

confidence: 99%

Tutorial and critical analysis of phishing websites methods

Mohammad

Thabtah

McCluskey

2015

Computer Science Review

130

View full text Add to dashboard Cite

show abstract

“…The counterfeit website is then used to gather information such as usernames and passwords as well as sending out spam emails. Banking information, such as credit card details, is usually the primary target and the success Phishers tend to have means this type of attack has become the most popular way of conducting cyber-crime [140]. were victims and were affected financially as a result of successful Phishing attacks [141].…”

Section: Cyber-threat Growing Concernmentioning

confidence: 99%

Behavioural Observation for Critical Infrastructure Security Support

Hurst

Merabti

Fergus

2013

2013 European Modelling Symposium

View full text Add to dashboard Cite

“…This is called defrauding in the law but in computer science it is called phishing. Phishing is the criminal act of illegal access to secret and sensitive information such as username, password, and credit card details by showing an electronic connection as apparently trustworthy [4].…”

Section: Introductionmentioning

confidence: 99%

Proposing a new clustering method to detect phishing websites

Arab¹,

Sohrabi²

2017

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

Abstract:Phishing websites are fake ones that are developed by ill-intentioned people to imitate real and legal websites.Most of these types of web pages have high visual similarities to hustle the victims. The victims of phishing websites may give their bank accounts, passwords, credit card numbers, and other important information to the designers and owners of phishing websites. The increasing number of phishing websites has become a great challenge in e-business in general and in electronic banking specifically. In the present study, a novel framework based on model-based clustering is introduced to fight against phishing websites. First, a model is developed out of those websites that already have been identified as phishing websites as well as real websites that belong to the original owners. Then each new website is compared with the model and categorized into one of the model clusters by a probability. The analyses reveal that the proposed algorithm has high accuracy.

show abstract

A phishing vulnerability analysis of web based systems

Cited by 36 publications

References 0 publications

Tutorial and critical analysis of phishing websites methods

Tutorial and critical analysis of phishing websites methods

Behavioural Observation for Critical Infrastructure Security Support

Proposing a new clustering method to detect phishing websites

Contact Info

Product

Resources

About