Anti-Phishing approaches

Al-Maha Mohammed Abu Zuraiq
Princess Sumaya University of Technology’s King Hussein School of Computing Sciences
Information Systems Security and Digital Criminology

Abstract— The internet has become very important and plays an essential part in our lives. It is also very important for E-payment transactions, in buying and selling goods and in carrying out different banking transactions.
Because of this need for the internet in our lives, internet phishing has become one of the most significant cyber-security issues in cyberspace. We can define phishing as a way of obtaining confidential information through fraudulent websites that appear to be legitimate websites. It is a kind of identity theft in which the attacker poses as a legitimate entity to trick the user into revealing sensitive personal information. In this paper we show multiple forms of phishing and the stages of phishing attacks, discuss the existing anti-phishing tools, and compare each tool by platform and approach used.

I. INTRODUCTION

The internet has become very important and plays an essential part in our lives. People use the internet in most of their daily activities. It has become an important medium of communication and contact with family and friends through social media applications and websites. It is also very important for E-payment transactions, in buying and selling goods and in carrying out different banking transactions.
Because of this need for the internet in our lives, internet phishing has become one of the most significant cybersecurity issues in cyberspace. Internet phishing uses web applications’ vulnerabilities, social engineering and technical ploys to steal a user’s identity and sensitive data such as financial account information. Online users may easily be tricked into submitting confidential information, such as a username, email and password, to fake websites that closely resemble the original in style and format. A user could submit sensitive information, for example a password, credit card number, bank account or other private information, which may cause considerable loss to the user. This problem is one of the most critical issues making users suspicious of the e-commerce environment as a whole. According to a report published by the Anti-Phishing Work Group (APWG), which was formed to keep track of phishers’ current and future activities, phishing activity is evolving rapidly and targets many industries such as online payment services, financial organizations, e-banks, retail and ISP services, social networks and online governmental organizations [2].

We can define phishing as a way of obtaining confidential information through fraudulent websites that appear to be legitimate websites. It is a kind of identity theft in which the attacker poses as a legitimate entity to trick the user into revealing sensitive personal information.
Moreover, there are two major types of phishing websites: the first is concocted sites and the other is spoof sites. Spoof sites are websites that look exactly like an existing legitimate website. Concocted websites trick users by trying to appear as unique, legitimate entities [17].

The internet has become a vital medium of communication, and the ways of phishing have become more and more intelligent. Phishing can be performed in different ways, for example:
• email-to-email: a user receives an email asking him to send sensitive information in a reply to the sender's address or to another email address.
• email-to-website: a user receives an email containing an embedded web address that leads to a phishing website.
• website-to-website: a user reaches a phishing website by clicking on an online advert or through a search engine.
• browser-to-website: a user misspells the web address of a legitimate website in a browser and lands on a phishing website that has a similar address.
• pop-up windows that encourage users to enter their sensitive information.
Finally, there are URL masks that conjure up a real website address [18].

Advanced forms of phishing:

SEO Tricking: In SEO (search engine optimization) tricking, phishing sites that are listed on the blacklist are indexed by search engines and wait inactively for victims to come to them.
XSS Attacks: XSS (cross-site scripting) is a technique that inserts hyperlinks to phishing sites into legitimate sites. It is usually used in discussion forums, in comments and replies.

Spy-phishing: Malware is used to collect sensitive information such as user names or passwords. Users can be