PHISHING ATTACKS
(Not The Kind of Fishing You are Used to)
Sourav Newatia
31603206
Mtech Cyber Security
TABLE OF CONTENT:-
➤ Motivation
➤ Introduction
➤ Phishing Attack Motives
➤ Statistics of Phishing
➤ Types of Phishing
➤ Anti-Phishing Tools
➤ Case-Study
➤ Phishing Detection
➤ Conclusion
MOTIVATION:-
➤ India lost around $53 million (about Rs 328 crore) to phishing scams, with the country facing over 3,750 attacks in 2014.
➤ India is the 4th largest target of phishing attacks in the world.
➤ 7% of global phishing attacks target India.
➤ The US tops the ranking with 27% of phishing attacks.
http://www.business-standard.com/article/technology/india-fourth-most-targeted-country-by-phishing-attacks-113120200343_1.html
What is Phishing ?
➤ Phishing is a fraudulent attempt, usually made through email, to steal your personal information.
➤ Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, through an electronic communication (such as email).
Phishing Motives:-
➤ Financial gain: phishers can use stolen banking credentials for their own financial benefit.
➤ Identity hiding: instead of using stolen identities directly, phishers might sell the identities to others, who might be criminals seeking ways to hide their identities and activities (e.g. purchase of goods).
➤ Fame and notoriety: phishers might attack victims for the sake of peer recognition.
EVOLUTION OF PHISHING:-
(Charts: Phishing Attacks (January - July 2016); Phishing Attacks (July - September 2016))
Targeted Industry Sectors By Phishing Attacks:-
➤ eBay and PayPal are two of the most targeted companies, and
online banks are also common targets.
➤ Attractive targets include
☗ Financial institutions
☗ Gaming industry
☗ Social media
☗ Security companies
In this example, the spelling mistake in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt.
In this example, targeted at South Trust Bank users, the phisher has used an image to make it harder for anti-phishing filters to detect the message by scanning for text commonly used in phishing e-mails.
Steps in PHISHING:-
TYPES OF PHISHING ATTACKS :-
➤ Deceptive Phishing
The most common medium for deceptive phishing is e-mail: the phisher sends a bulk of deceptive e-mails that instruct the user to click on the link provided.
➤ Malware-Based Phishing
Running malicious software on the user's machine, for example:
☗ Key-loggers & screen-loggers
☗ Session hijackers
TYPES OF PHISHING ATTACKS :-
➤ DNS-Based Phishing
☗ It pollutes the DNS cache with incorrect information, which directs the user to another location.
☗ This type of phishing can be done directly when the user has a misconfigured DNS cache.
TYPES OF PHISHING ATTACKS :-
➤ Content-Injection Phishing
☗ In this attack, malicious content is injected into a legitimate site.
☗ This malicious content can direct the user to other sites or install malware on the computer.
ANTI-PHISHING TOOLS:-
➤ Netcraft
☗ It alerts the user when connecting to phishing sites.
☗ When a user connects to a phishing site, it blocks the user by showing a warning sign.
☗ It traps suspicious URLs in which the characters have no common purpose other than to deceive the user.
➤ ThreatFire
☗ ThreatFire provides a behaviour-based security monitoring solution protecting unsafe systems.
☗ It continuously analyses the programs and processes on the system for any suspicious actions.
☗ It can be used alongside normal antivirus programs or firewalls, adding an additional level of security to the system.
➤ Spyware Doctor
☗ It is an adware and spyware utility which identifies and clears any potential adware, trojans, key-loggers, spyware, and other malware from the system.
☗ It also features browser monitoring, immunization against ActiveX controls, and automatic cookie deletion.
Other Anti-Phishing Tools :-
➤ PhishTank SiteChecker
➤ SpoofGuard
➤ TrustWatch Toolbar
➤ Adware Inspector
PHISHING ATTACK WARNINGS:-
➤ ACTIVE WARNING
The warning does not block the content area and enables the user to view both the content and the warning, as in the snapshot.
➤ PASSIVE WARNING
The warning blocks the content area, which prevents the user from viewing the content while the warning is displayed.
CASE-STUDIES
CASE STUDY I
(The Largest International Phishing Case)
➤ The US and Egyptian fraudsters were accused of using phishing scams to steal account details from hundreds, possibly thousands, of people, and of transferring about $1.5 million into fake accounts they controlled.
➤ The group of fraudsters were accused of targeting US financial institutions and victimising a number of account holders by fraudulently using their personal financial information after they were successfully phished.
➤ American authorities charged 53 people, while Egypt charged 47, with offences including conspiracy to commit bank fraud, computer fraud, money laundering and aggravated identity theft. The bank fraud alone could lead to jail sentences of 20 years.
CASE STUDY II
(ICICI BANK PHISHING CASE)
➤ A few customers of ICICI Bank received an email asking for the Internet login name and password to their account.
➤ The email seemed so genuine that some users even clicked on the URL given in the mail, which led to a web page that very closely resembled the official site.
➤ The scam was finally discovered when an assistant manager of ICICI Bank's information security cell received emails forwarded by the bank's customers seeking to cross-check the validity of the emails with the bank.
➤ Approx. 43 lakh lost.
CASE STUDY III
(EA Games website hacked; phishing page hosted to steal Apple IDs)
➤ The hackers compromised the EA Games server by exploiting one of the vulnerabilities in an outdated WebCalendar application and used it to create the fake "My Apple ID" page designed to look like the legitimate Apple login page, as shown. Once users submit their details, they are redirected to the legitimate Apple ID website.
➤ Using hijacked Apple ID details, hackers can gain access to users' personal data stored on iCloud, including email, contacts, calendars, and photos, which could even be used to clone an iPhone or iPad by restoring an iCloud backup to a device in their possession.
CASE STUDY IV
(Phishing website spoofs 26 banks, including SBI, BOB)
➤ FireEye identified a new domain (csecurepay[.]com) that was registered on October 23 this year and appears to be an online payment gateway but is actually a phishing website that leads to the capture of customer information from 26 banks operating in the country, the company said in a statement on Thursday.
➤ In this phishing attack, victims are asked to enter their account number, mobile number, email address, one-time password (OTP) and other details. Once the information is collected, the website displays a fake failed-login message to the victim.
➤ Awareness and training programs
1. Making use of regular communications to explain the phishing problem.
2. Establishing a simple mechanism for reporting phishing attacks.
3. Posting alerts on the security website.
Phishing Detection Using Blacklist
➤ Blacklists hold URLs that refer to sites that are considered malicious. Whenever a browser loads a page, it queries the blacklist to determine whether the currently visited URL is on the list. If so, appropriate countermeasures can be taken. Otherwise, the page is considered legitimate.
➤ The drawback of this approach is that the blacklist usually cannot cover all phishing websites, since a newly created fraudulent website takes considerable time before it can be added to the list.
A Phishing Sites Blacklist Generator
➤ The proposed heuristics are:
1) Extract the company name from the suspected URL.
2) Search for the extracted company name in Google, and return the first 10 results.
3) If the suspected URL belongs to the first 10 returned Google results, then the page is legitimate.
4) If the suspected URL does not belong to the first 10 returned Google results, then the suspected URL is classified as phishing.
5) If the suspected URL is classified as phishing, it is saved in a database.
Phishing Detection Using CANTINA
➤ CANTINA is an Internet Explorer toolbar that decides whether a visited page is a phishing page by analyzing its content.
➤ CANTINA uses Term Frequency-Inverse Document Frequency (TF-IDF) and search engines.
➤ The following procedure is performed by CANTINA to detect phishing websites:
1) The TF-IDF of each term on a suspected web page is calculated.
2) The top 5 terms with the highest TF-IDF values are taken to represent the document.
3) The 5 terms are submitted as a Google search query and the domain names of the first n returned entries are stored
(e.g. http://www.google.ae/search?q=t1,t2,t3,t4,t5).
4) If the suspected domain name is found within the n returned results, then the site is legitimate.
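The CANTINA procedure above, and the "is our domain among the top-n results" check that the blacklist generator on the previous slide shares with it, modelled offline as an added example (not the CANTINA authors' code). BACKGROUND stands in for the large reference corpus that supplies document frequencies, MOCK_INDEX stands in for the search engine, and PAGE is a constructed page text; all three are assumptions.

```python
"""CANTINA's content step modelled offline: TF-IDF top terms, then a check
that the page's domain appears among the search results for those terms.

Added example; not the CANTINA authors' code. BACKGROUND (stand-in for a
large reference corpus), MOCK_INDEX (stand-in for Google) and PAGE are all
constructed.
"""
import math
import re
from collections import Counter
from urllib.parse import urlparse

BACKGROUND = [
    "welcome to our online banking portal please log in with your account",
    "shop the latest deals and track your order online",
    "read the latest news sports and weather updates online",
    "free email service sign in to read your messages",
]

# Tiny inverted index: domain -> terms it ranks for.
MOCK_INDEX = {
    "icicibank.com": {"icici", "bank", "internet", "banking", "login", "password"},
    "wikipedia.org": {"icici", "bank", "internet"},
    "example-shop.com": {"login", "password"},
}


def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())


def tfidf_top_terms(page_text, background, k=5):
    """Steps 1-2: score each term of the page by TF-IDF and keep the top k.

    IDF is log(N / (1 + df)) with N = background size + 1 (the page itself);
    ties are broken alphabetically so the result is deterministic."""
    tokens = tokenize(page_text)
    tf = Counter(tokens)
    df = Counter(term for doc in background for term in set(tokenize(doc)))
    n_docs = len(background) + 1
    scores = {term: (count / len(tokens)) * math.log(n_docs / (1 + df[term]))
              for term, count in tf.items()}
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [term for term, _ in ranked[:k]]


def mock_search(terms, n):
    """Stand-in for step 3: domains ranked by how many query terms they match."""
    query = set(terms)
    ranked = sorted(MOCK_INDEX, key=lambda d: -len(MOCK_INDEX[d] & query))
    return ranked[:n]


def registrable_domain(host):
    """Last two labels; a real implementation would use the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def cantina_verdict(url, page_text, background=BACKGROUND, search=mock_search, n=30):
    """Step 4: legitimate iff the page's own domain is among the top-n results."""
    terms = tfidf_top_terms(page_text, background)
    results = search(terms, n)
    domain = registrable_domain(urlparse(url).hostname or "")
    return "legitimate" if domain in results else "phishing"


# Constructed text of a suspected bank login page.
PAGE = ("ICICI Bank Internet Banking login. Enter your user ID and password. "
        "Confirm password. ICICI Bank Internet Banking secure login. ICICI Bank.")

if __name__ == "__main__":
    print(tfidf_top_terms(PAGE, BACKGROUND))
    print(cantina_verdict("https://www.icicibank.com/login", PAGE))
    print(cantina_verdict("http://icici-bank-secure.example.net/login", PAGE))
```

The same five terms are produced for the real site and for a look-alike page that copied its text, which is exactly why the verdict hinges on whose domain the search engine ranks for them.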
What kind of information should I protect ?
➤ Social Security number
➤ Driver's license number
➤ Account, credit card, and debit card numbers
➤ Mother's maiden name
➤ Passwords, access codes and PINs
➤ Pet's name and name of first school (often used for forgotten-password resets)
PhishGuard: A Browser Plug-in
➤ PhishGuard's implementation is a proof of concept that only detects phishing attacks based on testing HTTP Digest authentications.
➤ The work bases its protection against phishing on the idea that phishing websites do not often verify user credentials, but merely store them for later use by the phisher.
1) The user visits a page.
2) If the visited page sends an authentication request, and the user submits the authentication form, then PhishGuard starts its testing procedure.
3) PhishGuard sends the same user ID, followed by a random password that does not match the real password, a random n times.
4) If the page responds with an HTTP 200 OK message, the page is a phishing site that is simply returning fake authentication success messages.
5) If the page responds with an HTTP 401 Unauthorized message, it could mean either:
• The site is a phishing site that blindly responds with authentication failure messages.
• The site is a legitimate site.
6) To distinguish between the two possibilities above, PhishGuard sends the real credentials to the website for the (n + 1)th time.
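The decision procedure of steps 3-6, modelled without a network as an added example (not the PhishGuard authors' code). A "site" is any callable taking (user_id, password) and returning an HTTP status code; the three responders are constructed stand-ins for a legitimate server and the two phishing behaviours the slide distinguishes, and n is a plain parameter here where the plug-in picks it at random.

```python
"""PhishGuard's test procedure (steps 3-6 above) modelled without a network.

Added example; not the PhishGuard authors' code. A "site" is any callable
(user_id, password) -> HTTP status code; the three responders below are
constructed stand-ins for a legitimate server and the two phishing
behaviours the slide distinguishes. n is a parameter here; the plug-in
picks it at random.
"""
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def random_wrong_password(real_password, length=16):
    """Step 3: a random password guaranteed not to equal the real one."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if candidate != real_password:
            return candidate


def phishguard_verdict(site, user_id, real_password, n=3):
    """Probe with n wrong passwords, then once with the real one (step 6)."""
    for _ in range(n):
        status = site(user_id, random_wrong_password(real_password))
        if status == 200:
            # Step 4: a wrong password was "accepted" -> fake success messages.
            return "phishing (accepts any password)"
        if status != 401:
            return "inconclusive (status %d)" % status
    # Step 5 left two possibilities; step 6 resolves them with real credentials.
    status = site(user_id, real_password)
    if status == 200:
        return "legitimate"
    if status == 401:
        return "phishing (rejects every password)"
    return "inconclusive (status %d)" % status


# Constructed responders standing in for remote servers.
def make_legit_site(stored_user, stored_password):
    """Legitimate Digest-auth server: 200 only for the right credentials."""
    def site(user_id, password):
        return 200 if (user_id, password) == (stored_user, stored_password) else 401
    return site


def accepting_phisher(user_id, password):
    """Phishing site that stores credentials and always claims success."""
    return 200


def rejecting_phisher(user_id, password):
    """Phishing site that stores credentials and always claims failure."""
    return 401


if __name__ == "__main__":
    for name, site in [("legit", make_legit_site("alice", "s3cret")),
                       ("accepting phisher", accepting_phisher),
                       ("rejecting phisher", rejecting_phisher)]:
        print(name, "->", phishguard_verdict(site, "alice", "s3cret"))
```

Note that in the rejecting-phisher case the real credentials are still transmitted at step 6; the slide's procedure accepts that cost in order to tell the two 401 cases apart.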
Phishwish: A Stateless Phishing Filter Using Minimal Rules
➤ The proposed solution aims to provide:
● Better protection against zero-hour attacks than blacklists.
● A solution that requires relatively minimal resources (11 rules), far fewer than the number of rules in SpamAssassin; at the time of writing the paper, SpamAssassin used 795 rules.
● Minimum false positives.
The proposed rules are (where positive indicates phishiness):
• Rule 1: If a URL is a login page that is not a business's real login page, the result is positive. The paper specifies that this is analyzed based on data returned from search engines.
• Rule 2: If the email is formatted as HTML, and an included URL uses Transport Layer Security (TLS) while the actual Hypertext Reference (HREF) attribute does not use TLS, then the result is positive.
• Rule 3: If the host-name portion of a URL is an IP address, the result is positive.
• Rule 4: If a URL mentions an organization's name (e.g. PayPal) in the URL path but not in the domain name, the result is positive.
• Rule 5: If the URL's displayed domain does not match the domain name specified in the HREF attribute, the result is positive.
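Rules 2 to 5 above are pure URL and HTML checks, so they can be run over a message offline; the following is an added example of doing so (not the Phishwish authors' code). Rule 1 needs a search engine and is left out; ORG_NAMES (the organisation list for rule 4) and SAMPLE_EMAIL are constructed assumptions.

```python
"""Phishwish rules 2-5 applied to the links of an HTML e-mail.

Added example; not the Phishwish authors' code. Rule 1 needs a search
engine and is left out. ORG_NAMES and SAMPLE_EMAIL are constructed.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Organisation names that rule 4 looks for in the URL path (hypothetical list).
ORG_NAMES = ("paypal", "ebay", "icici")

# Anchor text counts as a "displayed URL" only if it looks like one.
DISPLAYED_URL_RE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels (paypal.com); a production filter would use the
    public suffix list instead."""
    return ".".join(host.lower().split(".")[-2:])


def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_displayed_url(text):
    """Parse the anchor text as a URL when it looks like one, else None."""
    if not DISPLAYED_URL_RE.match(text):
        return None
    return urlparse(text if "://" in text else "http://" + text)


def check_anchor(href, text):
    """Return the Phishwish rule numbers (2-5) that fire for one link."""
    fired = []
    target = urlparse(href)
    target_host = target.hostname or ""
    shown = parse_displayed_url(text)

    # Rule 2: the displayed URL uses TLS but the real HREF does not.
    if shown is not None and shown.scheme == "https" and target.scheme != "https":
        fired.append(2)
    # Rule 3: the host-name portion of the URL is an IP address.
    if host_is_ip(target_host):
        fired.append(3)
    # Rule 4: an organisation name appears in the path but not in the domain.
    if any(org in target.path.lower() and org not in target_host.lower()
           for org in ORG_NAMES):
        fired.append(4)
    # Rule 5: displayed domain differs from the HREF domain.
    if (shown is not None and shown.hostname
            and registrable_domain(shown.hostname) != registrable_domain(target_host)):
        fired.append(5)
    return fired


def scan_email(html_body):
    """Map every href in the message to the rules it triggers ([] = clean)."""
    collector = AnchorCollector()
    collector.feed(html_body)
    return {href: check_anchor(href, text) for href, text in collector.anchors}


# Constructed sample message, not a real phishing e-mail.
SAMPLE_EMAIL = """
<html><body>
<p>Dear customer, please verify your account:</p>
<a href="http://203.0.113.5/paypal/login">https://www.paypal.com/login</a><br>
<a href="http://secure-update.example.net/ebay/signin">Click here</a><br>
<a href="https://www.example.org/help">https://www.example.org/help</a>
</body></html>
"""

if __name__ == "__main__":
    for href, rules in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", "rules %s fired" % rules if rules else "clean")
```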
CONCLUSION:-
➤ Phishing has become a serious network security problem, causing financial losses of billions of dollars to both consumers and e-commerce companies.
➤ As future work, educating the user about this policy will result in the user avoiding giving sensitive information to a phishing website.
REFERENCES
➤ Rao, Routhu Srinivasa, and Syed Taqi Ali. "PhishShield: A desktop application to detect phishing webpages through heuristic approach." Procedia Computer Science 54 (2015): 147-156.
➤ M. Khonji, Y. Iraqi, and A. Jones. "Phishing detection: A literature survey." IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2091-2121, Fourth Quarter 2013.
➤ B. B. Gupta, A. Tewari, A. K. Jain, and D. P. Agrawal. "Fighting against phishing attacks: state of the art and future challenges." Review, Springer, March 2016.
➤ Anti-Phishing Working Group (APWG). "Phishing activity trends report — second half 2010." http://apwg.org/reports/apwg_report_h2_2010.pdf, 2010, accessed December 2011.
THANKS..!!!

Phishing Attack : A big Threat

  • 1. PHISHING ATTACKS (Not The Kind of Fishing You are Used to)
    Sourav Newatia, 31603206, Mtech Cyber Security
  • 2. TABLE OF CONTENTS:-
    ➤ Motivation
    ➤ Introduction
    ➤ Phishing Attack Motives
    ➤ Statistics of Phishing
    ➤ Types of Phishing
    ➤ Anti-Phishing Tools
    ➤ Case Study
    ➤ Phishing Detection
    ➤ Conclusion
  • 3. MOTIVATION:-
    ➤ India lost around $53 million (about Rs 328 crore) to phishing scams, with the country facing over 3,750 attacks in 2014.
    ➤ India is the 4th largest target of phishing attacks in the world.
    ➤ 7% of global phishing attacks target India.
    ➤ The US tops the ranking with 27% of phishing attacks.
    Source: http://www.business-standard.com/article/technology/india-fourth-most-targeted-country-by-phishing-attacks-113120200343_1.html
  • 4. What is Phishing?
    ➤ Phishing is a fraudulent attempt, usually made through email, to steal your personal information.
    ➤ Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, through an electronic communication (such as email).
  • 5. Phishing Motives:-
    ➤ Financial gain: phishers can use stolen banking credentials for their own financial benefit.
    ➤ Identity hiding: instead of using stolen identities directly, phishers might sell the identities to others, who might be criminals seeking ways to hide their identities and activities (e.g. purchase of goods).
    ➤ Fame and notoriety: phishers might attack victims for the sake of peer recognition.
  • 8. Phishing Attack (July- September 2016)
  • 9. Targeted Industry Sectors By Phishing Attacks:-
  • 10.
    ➤ eBay and PayPal are two of the most targeted companies, and online banks are also common targets.
    ➤ Attractive targets include:
      ☗ Financial institutions
      ☗ Gaming industry
      ☗ Social media
      ☗ Security companies
  • 11. In this example, the spelling mistake in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt.
  • 12. In this example, targeted at South Trust Bank users, the phisher has used an image to make the message harder for anti-phishing filters to detect by scanning for text commonly used in phishing e-mails.
  • 14. TYPES OF PHISHING ATTACKS :-
    ➤ Deceptive Phishing
      The most common method of deceptive phishing is e-mail. The phisher sends a bulk of deceptive e-mails which instruct the user to click on the link provided.
    ➤ Malware-Based Phishing
      Running malicious software on the user's machine.
      ☗ Key-loggers & screen-loggers
      ☗ Session hijackers
  • 15. TYPES OF PHISHING ATTACKS :-
    ➤ DNS-Based Phishing
      ☗ It pollutes the DNS cache with incorrect information, which directs the user to another location.
      ☗ This type of phishing can be done directly when the user has a misconfigured DNS cache.
  • 16. TYPES OF PHISHING ATTACKS :-
    ➤ Content-Injection Phishing
      ☗ In this attack, malicious content is injected into a legitimate site.
      ☗ This malicious content can direct the user to other sites or install malware on the computer.
  • 17. ANTI-PHISHING TOOLS:-
    ➤ Netcraft
      ☗ It alerts the user when connecting to phishing sites.
      ☗ When a user connects to a phishing site, it blocks the user by showing a warning sign.
      ☗ It traps suspicious URLs in which the characters have no purpose other than to deceive the user.
  • 18.
  • 19.
    ➤ ThreatFire
      ☗ ThreatFire provides a behaviour-based security monitoring solution that protects an otherwise unsafe system.
      ☗ It continuously analyses the programs and processes on the system, looking for suspicious actions.
      ☗ It can be used alongside normal antivirus programs or a firewall, which adds an additional level of security to the system.
  • 20.
  • 21.
    ➤ Spyware Doctor
      ☗ It is an adware and spyware utility which identifies and clears any potential adware, trojans, key-loggers, spyware, and other malware from the system.
      ☗ It also features browser monitoring, immunization against ActiveX controls, and automatic cookie deletion.
  • 22.
  • 23. Other Anti-Phishing Tools :-
    ➤ PhishTank SiteChecker
    ➤ SpoofGuard
    ➤ TrustWatch Toolbar
    ➤ Adware Inspector
  • 24. PHISHING ATTACK WARNINGS:-
    ➤ ACTIVE WARNING: the warning does not block the content area and enables the user to view both the content and the warning, as in the snapshot.
    ➤ PASSIVE WARNING: the warning blocks the content area, which prevents the user from viewing the content while the warning is displayed.
  • 25.
  • 27. CASE STUDY I (The Largest International Phishing Case)
    ➤ The US and Egyptian fraudsters were accused of using phishing scams to steal account details from hundreds, possibly thousands, of people, and of transferring about $1.5 million into fake accounts they controlled.
    ➤ The group of fraudsters was accused of targeting US financial institutions and victimising a number of account holders by fraudulently using their personal financial information after they had been successfully phished.
    ➤ American authorities charged 53 people, while Egypt charged 47, with offences including conspiracy to commit bank fraud, computer fraud, money laundering and aggravated identity theft. The bank fraud alone could lead to jail sentences of 20 years.
  • 28. CASE STUDY II (ICICI BANK PHISHING CASE)
    ➤ A few customers of ICICI Bank received an email asking for the Internet login name and password to their account.
    ➤ The email seemed so genuine that some users even clicked on the URL given in the mail, which led to a web page that very closely resembled the official site.
    ➤ The scam was finally discovered when an assistant manager of ICICI Bank's information security cell received emails forwarded by the bank's customers seeking to cross-check the validity of the emails with the bank.
    ➤ Loss: approx. 43 lakh.
  • 29. CASE STUDY III (EA Games website hacked; phishing page hosted to steal Apple IDs)
    ➤ The hackers compromised the EA Games server by exploiting one of the vulnerabilities in an outdated WebCalendar application and used it to host a fake "My Apple ID" page designed to look like the legitimate Apple login page, as shown. Once the users submit their details, they are redirected to the legitimate Apple ID website.
    ➤ Using hijacked Apple ID details, hackers can gain access to users' personal data stored on iCloud, including email, contacts, calendars, and photos, which could even be used to clone an iPhone or iPad by restoring an iCloud backup to a device in their possession.
  • 30. CASE STUDY IV (Phishing website spoofs 26 banks, including SBI, BOB)
    ➤ FireEye identified a new domain (csecurepay[.]com) that was registered on October 23 this year and appears to be an online payment gateway but actually is a phishing website that leads to the capturing of customer information from 26 banks operating in the country, the company said in a statement on Thursday.
    ➤ In this phishing attack, victims are asked to enter their account number, mobile number, email address, one-time password (OTP) and other details. Once the information is collected, the website displays a fake failed-login message to the victim.
  • 31.
    ➤ Awareness and training programs
      1. Making use of regular communications to explain the phishing problem.
      2. Establishing a simple mechanism for reporting phishing attacks.
      3. Posting alerts on the security website.
  • 32. Phishing Detection Using Blacklists
    ➤ Blacklists hold URLs that refer to sites that are considered malicious. Whenever a browser loads a page, it queries the blacklist to determine whether the currently visited URL is on this list. If so, appropriate countermeasures can be taken. Otherwise, the page is considered legitimate.
    ➤ The drawback of this approach is that the blacklist usually cannot cover all phishing websites, since a newly created fraudulent website takes considerable time before it can be added to the list.
  • 33. A Phishing Sites Blacklist Generator
    ➤ The proposed heuristics are:
      1) Extract the company name from the suspected URL.
      2) Search for the extracted company name in Google, and return the first 10 results.
      3) If the suspected URL belongs to the first 10 returned Google results, then the page is legitimate.
      4) If the suspected URL does not belong to the first 10 returned Google results, then the suspected URL is classified as phishing.
      5) If the suspected URL is classified as phishing, it is saved in a database.
  • 34. Phishing Detection Using CANTINA
    ➤ CANTINA is an Internet Explorer toolbar that decides whether a visited page is a phishing page by analyzing its content.
    ➤ CANTINA uses Term Frequency-Inverse Document Frequency (TF-IDF) together with search engines.
  • 35.
    ➤ The following procedure is performed by CANTINA to detect phishing websites:
      1) The TF-IDF of each term on a suspected web page is calculated.
      2) The top 5 terms with the highest TF-IDF values are taken to represent the document.
      3) The 5 terms are submitted as a Google search query and the domain names of the first n returned entries are stored (e.g. http://www.google.ae/search?q=t1,t2,t3,t4,t5,).
      4) If the suspected domain name is found within the n returned results, then the site is legitimate.
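The four CANTINA steps above worked through in Python, as an added example that is not CANTINA's own code: the background documents, the suspected page text and the list standing in for the first n search results are all constructed, so no live Google query is made.

```python
import math
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed background documents standing in for the collection that
# CANTINA's IDF is computed over (not real web pages).
BACKGROUND_DOCS = [
    "welcome to our online shop browse products and add them to your cart",
    "the weather today is sunny with a light breeze in the afternoon",
    "read the latest news headlines and sports results from around the world",
    "sign in to your account to view your order history and shipping details",
]
# Constructed text of a suspected page imitating a PayPal login.
SUSPECT_PAGE = ("paypal login verify your paypal account enter your email and "
                "password to verify paypal account password security")
# Constructed stand-in for the first n search results (no live search is made).
SAMPLE_RESULTS = ["https://www.paypal.com/signin", "https://www.paypal.com/help",
                  "https://en.wikipedia.org/wiki/PayPal"]

def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def tfidf_top_terms(page_text, corpus, k=5):
    """Steps 1-2: score each term of the page by TF * IDF and keep the top k."""
    docs = [set(tokenize(d)) for d in corpus] + [set(tokenize(page_text))]
    tf = Counter(tokenize(page_text))
    scores = {}
    for term, count in tf.items():
        df = sum(1 for d in docs if term in d)        # documents containing the term
        scores[term] = count * math.log(len(docs) / df)
    # Highest score first; ties broken alphabetically so the result is deterministic.
    return sorted(scores, key=lambda t: (-scores[t], t))[:k]

def search_query_url(terms):
    """Step 3: build the query in the form shown on the slide (comma-separated terms)."""
    return "http://www.google.ae/search?q=" + ",".join(terms) + ","

def cantina_verdict(suspect_url, result_urls, n=30):
    """Step 4: legitimate only if the suspect's domain is among the first n result domains."""
    suspect_host = (urlparse(suspect_url).hostname or "").lower()
    returned = {(urlparse(u).hostname or "").lower() for u in result_urls[:n]}
    return "legitimate" if suspect_host in returned else "phishing"

if __name__ == "__main__":
    terms = tfidf_top_terms(SUSPECT_PAGE, BACKGROUND_DOCS)
    print(search_query_url(terms))
    print(cantina_verdict("http://paypal-secure-verify.example.net/login", SAMPLE_RESULTS))
```

The hostname comparison in step 4 is exact; a production filter would compare registered domains so that subdomains of the legitimate site are not flagged.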
  • 36. What kind of information should I protect?
    ➤ Social Security number
    ➤ Driver's license number
    ➤ Account, credit card, and debit card numbers
    ➤ Mother's maiden name
    ➤ Passwords, access codes and PINs
    ➤ Pet's name and name of first school (often used for forgotten-password resets)
  • 37. PhishGuard: A Browser Plug-in
    ➤ PhishGuard's implementation is a proof of concept that only detects phishing attacks based on testing HTTP Digest authentication.
    ➤ The cited work bases its protection against phishing on the idea that phishing websites do not often verify user credentials, but merely store them for later use by the phisher.
  • 38.
    1) The user visits a page.
    2) If the visited page sends an authentication request, and the user submits the authentication form, then PhishGuard starts its testing procedure.
    3) PhishGuard sends the same user ID, followed by a random password that does not match the real password, a random number n of times.
    4) If the page responds with an HTTP 200 OK message, the page is a phishing site that is simply returning fake authentication-success messages.
  • 39.
    5) If the page responds with an HTTP 401 Unauthorized message, this could mean either:
      • The site is a phishing site that blindly responds with authentication-failure messages.
      • The site is a legitimate site.
    6) To distinguish between the two possibilities above, PhishGuard sends the real credentials to the website the (n + 1)th time.
  • 40. Phishwish: A Stateless Phishing Filter Using Minimal Rules
    ➤ The proposed solution aims to provide:
      ● Better protection against zero-hour attacks than blacklists.
      ● A solution that requires relatively minimal resources (11 rules), far fewer than the number of rules in SpamAssassin; at the time of writing the paper, SpamAssassin used 795 rules.
      ● Minimum false positives.
  • 41. The proposed rules are (where positive indicates phishiness):
    • Rule 1: If a URL is a login page that is not the business's real login page, the result is positive. The paper specifies that this is analyzed based on data returned from search engines.
    • Rule 2: If the email is formatted as HTML, and an included URL uses Transport Layer Security (TLS) while the actual Hypertext Reference (HREF) attribute does not use TLS, then the result is positive.
    • Rule 3: If the host-name portion of a URL is an IP address, the result is positive.
    • Rule 4: If a URL mentions an organization's name (e.g. PayPal) in the URL path but not in the domain name, the result is positive.
    • Rule 5: If the URL's displayed domain does not match the domain name specified in the HREF attribute, the result is positive.
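Rules 2 to 5 above applied to the links of an HTML e-mail, as an added example that is not the Phishwish authors' code. Rule 1 is omitted because it needs a search engine; the organisation list (ORG_NAMES) and the sample message are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_NAMES = ("paypal", "ebay")  # constructed list of organisations Rule 4 looks for

class LinkExtractor(HTMLParser):
    """Collects (href, visible link text) pairs from the anchors of an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, shown_text):
    """Return the numbers of Phishwish rules 2-5 that fire for one link."""
    h, fired = urlparse(href), []
    host = (h.hostname or "").lower()
    # Visible text is compared as a URL only when it is written as one (Rules 2 and 5).
    s = urlparse(shown_text) if re.match(r"^https?://", shown_text, re.I) else None
    if s and s.scheme == "https" and h.scheme != "https":
        fired.append(2)  # Rule 2: link shows TLS but the HREF does not use it
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):  # IPv4 only, for brevity
        fired.append(3)  # Rule 3: host-name portion is an IP address
    if any(o in h.path.lower() and o not in host for o in ORG_NAMES):
        fired.append(4)  # Rule 4: organisation named in the path, not the domain
    if s and (s.hostname or "").lower() != host:
        fired.append(5)  # Rule 5: displayed domain differs from the HREF domain
    return fired

def scan_email(html_email):
    """Map every link in an HTML email body to the rules it triggers."""
    parser = LinkExtractor()
    parser.feed(html_email)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample message (not a real phishing email): one deceptive link, one clean.
SAMPLE_EMAIL = """<html><body><p>Dear customer, please confirm your account.</p>
<a href="http://192.0.2.10/paypal/login.php">https://www.paypal.com/login</a>
<a href="https://www.paypal.com/help">https://www.paypal.com/help</a>
</body></html>"""
```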
  • 42. CONCLUSION:-
    ➤ Phishing has become a serious network security problem, causing financial losses of billions of dollars to both consumers and e-commerce companies.
    ➤ As future work, educating the user about this policy will result in users not giving their sensitive information to phishing websites.
  • 43. REFERENCES
    ➤ Rao, Routhu Srinivasa, and Syed Taqi Ali. "PhishShield: A desktop application to detect phishing webpages through heuristic approach." Procedia Computer Science 54 (2015): 147-156.
    ➤ M. Khonji, Y. Iraqi, Andrew Jones. "Phishing detection: A Literature Survey", Communications Surveys & Tutorials, IEEE, pp. 2091-2121, Vol. 15, No. 4, Fourth Quarter 2013.
    ➤ B. B. Gupta, Aakanksha Tewari, Ankit Kumar Jain, Dharma P. Agrawal. "Fighting against phishing attacks: state of the art and future challenges", Review, Springer, March 2016.
    ➤ Anti-Phishing Working Group (APWG), "Phishing activity trends report — second half 2010," http://apwg.org/reports/apwg report h2 2010.pdf, 2010, accessed December 2011.

Editor's Notes

  1. And
  2. Phishing website spoof 26 banks, including SBI, ICICI