SK International Journal of Multidisciplinary Research Hub

Transcription

1 ISSN: (Online) Volume 2, Issue 9, September 2015 Journal for all Subjects Research Article / Survey Paper / Case Study Published By: SK Publisher ( Novel Method to Protect Against Phishing Attack Gaurav Kumar Dep. Of Information Technology, Bengal College Of Engineering & Technology, Durgapur, West Bengal, India Abstract: Phishing is major issue in the Internet world and also all over world. In many case phishing is done by . Now this days whole world are suffering to the phishing and the case of phishing are increase suddenly days to days, many of Anti phishing organization work on the to protect user or people to the phishing but they are in success in the less percent and the increasing rate of phishing are suddenly increase. In this present work first I write concept of phishing to understand the term phishing and proposed new method to protect against phishing generally fraud, if we work start on the proposed method we can easily say that we are safe from the phishing attack, experimental result in this work show that the method work successfully or we safe for the phishing. KeyWords: Phishing, Phishing attack, Phishing type and technique, Anti Phishing. I. INTRODUCTION Phishing is fraud method or fraud method in which the attacker accrue sensitive information such as financial information like credit card, user name, password details sometime money also [1]. Commonly the messages appear to come trustworthy, well known and famous websites. Websites that are widely used by phishers in purpose of spoofed like ebay, PayPal, Yahoo etc and now this day phishing keep growing [2]. The risk of grows in larger in the social media such as Facebook, Google+ and Twitter [3]. Phishers take help of these trustworthy and famous sites to attack people using them on their home, workplace to take security as well as personal information which can be affect organization. Generally Security refers the safe of your data in the terms of security to the phishing the data are credit card, user name and password or security information [4]. Phishing may be contain link that website may be injected with the malware [5]. In the common word phishing is more often example of social engineering technique used by the device user [6]. Now this days Phishing are growing rapidly in worldwide, the Phishing case are increasing year by year more suddenly and many Organization such as government, private work on the Protect user or public against the phishing. Phone phishing are now these days are also widely used by phishers to spoofing people. The mission of Anti phishing working group is to provide a resource for information on the problem and solution for phishing or fraud [7]. KEY CONCEPT II. PHISHING TYPES 1. Phishing method of fraud or method of accrue sensitive information such as credit card, password, username etc details by using trustworthy entity such as famous website in an electronic communication. In October 2013 this method is used by phishers using name of American Express. Were sent to unknown number of recipients. 2. Spear Phishing The attack are directed attempt to company have been categories as spear phishing. In this phishing phishers get required personal information directly to chance of success maximum. The technique widely success in today internet world and average 91% of accounting case phishing done by this method. 2015, SK Publisher All Rights Reserved 12 P age

2 3. Clone Phishing- In this type of phishing attack where a effectual and already delivered, include link or an attachment had content and its recipient address taken and used to construct nearly cloned . The link within the is replaced with the malicious version and after that send from an address spoofed to appear come from the legal or original sender. 4. Whaling- In this type of attack, attacker or phishers target directly to the high profile or senior executive of the company within businesses and the term whaling classify this type of attack. In this case of attack targeted a webpage or take more serious high profile or senior executive level form. The content to target upper level manager or upper level person in the company, the content of the attack are written in form of legal customer complain or executive. Whaling phishermen also use name of higher government authority. III. PHISHING TECHNIQUES 1. Link Manipulation In this technique phisher design a link in (and spoofed the website its lead to) appear to belong to spoofed organization. The use of sub domain is the trick used the attacker. 2. Filter evasion In this technique phishers don t use text directly, in this technique images are used by phishers and instead of it difficult to detect anti phishing filter text that widely used in the phishing . But in the new technology most anti phishing filter are able to recover text that hidden in the images generally these filter optical Character recognition to optically scan the hidden text and filter in it. Some of the anti phishing organization also use intelligent word recognition which is also successful. 3. Website forgery- In this type of phishing technique, phishers make a website same as the trustworthy website and once time a victim visit to phishing website that s and the deception not over. Some of phishing scams that help in history used java script command to order the alter the address bar and the work is done by with the help placing a picture of legitimate URL. 4. Covert redirected In this phishing technique, phishers use the link of legitimate website but when any one clicks on the link, it redirected to the victim of an attacker website. Generally this is used log in popup based of an affected site s domain. 5. Phone phishing Phone phishing are widely increase in this days. In this type of phishing attacker message you that you win some amount of money and if you want to claim the money send your security or sensitive information such as name, mobile number, address, account number etc. One another type of phishing is also target by phishers that are directly they call you and give you phishers own details of name higher bank authority and tell you about wrong or fake issue of your account and request you to give your sensitive information or security information such as credit card number, pin, cvv number etc. The phone phishing techniques are suddenly increased in now in this era. 6. Tabnabbing In this phishing technique, mainly phishers use advantage of multiple tabs in browser. Which use multiple open tabs and that user are use and redirected a user effected site. 7. Evils Twin In this phishing technique, it s hard to detect this type of fraud work. Mainly in this technique phishers make a fake wireless network that structure and look are similar to legitimate public network that generally found in airport, bus stand, hotels, coffee shops if any one connect own system to the network they try to capture password, credit card details etc. IV. PHISHING SCAMS The damage cause by the phishing attack ranges from denial of access through the to enough financial loss. That is counted between the year may 2004 to may 2005 that is 1.2 millions of computer user are suffered losses that cause by phishing, approximate 229 million us dollar and from the one survey united state business loss an approximate 2 billion yearly as their client become victim [20]. In the year 2007 phishing attack increased suddenly and result 3.6 million adults lost and 3.2 billion dollar in ending of august 2007[21]. 2015, SK Publisher All Rights Reserved ISSN: (Online) 13 P age

3 According to the report of 3 rd Microsoft computing safer index released in month February year the annual impact of phishing could be high as 5 billion dollar [22]. The bank of Ireland suddenly refused to cover losses suffered by its customer. V. ANTI PHISHING As the recently in the year 2007, the adoption of anti- phishing strategies by businesses that needed to protect financial as well as personal information. Now in these days there are several different techniques including legislation and technology that protect against phishing these technology include phone, website, , organization now can be reported as authorities. 1. Social response Social response category under train people to protect against the phishing attack. People can take step to avoid phishing slightly modifying their browsing habit that when any one contacted about sensitive information, you directly contact to organization. Nearly all legitimate from company contain that information that not available on phishers. 2. Technical Response Anti phishing measure or detector have been implemented as feature of browsers, as extension or as toolbars for browsers. Anti phishing software also available in online. There is other technique in this part such as (1) Helping to identify legitimate website, (2) Secure connection, (3) Which site, (4) Who is the authority, (5) Fundamental laws in the security model of secure browsing (6) Browser alerting user to fraudulent website and (7) eliminating phishing mail etc. PHISHING INCIDENT VI. PROPOSED METHOD FOR PROTECT AGAINST PHISHING ATTACK 1. SELF INTELLIGENCY 2. REPORT 3. ACTION 4. FINAL 1. SELF INTELLIGENCY First is the self intelligence power, first control self against fraud or phishing , bank or any other financial organization not give you prize even not tell you about claiming your prize. 2. REPORT In this section you report against phishing to your mail service provider or other organization such as government or private that work on phishing and unsubscribe the phishing in your account. 3. ACTION In this stage basically work for service provider and other organization that work on phishing. First service provider investigate the reported and ban it on your service that why it never send the phishing again to user. If possible find the fraud people and give for law. 4. FINAL In this stage take care of all the above process, basically send a to requesting user to report about phishing , check the process two that lies report against phishing coming or not and the process three action against phishing taken or not. 2015, SK Publisher All Rights Reserved ISSN: (Online) 14 P age

4 FLOW CHART 1. VII. EXPERIMENTAL RESULTS SELF INTELLI GENCY REPORT ACTION FINAL YOU ARE SAFE 2. FINAL IS PROCESS 1, 2, 3 IS YES THEN YES OTHERWISE NO NO THEN NOT SAFE YES THEN SAFE MATH PROOF Here number is shown process number. Phishing Incident= Is process 1 is yes then go to process 2 otherwise no. Is process 2 is yes then go to process 3 otherwise no. Is process 3 is yes then go to process 4 otherwise no. 2015, SK Publisher All Rights Reserved ISSN: (Online) 15 P age

5 Is process 4 is yes then we are safe from the phishing attack and if any one of process 1 to three are no then process four are no that lies all the 1, 2, 3 process are yes then four yes =Secure against Phishing attack. THEORATICAL PROOF From the above proposed method we can see that we are safe from the phishing attack. The proposed method is divided into four method first one is the Self intelligency means that self control is main factor in the protect self against phishing and in this method you learn about the how to avoid phishing target. Now coming to second one Report against phishing if any one target to you for phishing first you report about that your service provider such as service provider or anti phishing organization government or private that working on Anti phishing. After that coming to next one that is Action means basically for service provider or Anti phishing organization take strict action about the reported phishing target. And last one is the Final that means how we do all in this method take care of all the above process if any fault in any of the above three process just prepare report about it or send a reminder message to all of above that you do own responsibility that lies tell to user report about phishing target that after that phishers not target anyone and technically do own responsibility of safe user to the phishing attack. VIII. CONCLUSION From the above result it seen that if we start working now on the proposed method the chance of phishing be less and now phishing increasing suddenly days to days, from the use of above method the increase phishing scams goes down in decreasing order and people are feel safe to the phishing attack. Basically from the my thinking one need of government organization that take care of final that I tell in last method and work of organization take care of above three process and time to time send reminder to user and Anti phishing organization. References 1. RAMZAN, ZULFIKAR (2010). "PHISHING ATTACKS AND COUNTERMEASURES". IN STAMP, MARK & STAVROULAKIS, PETER.HANDBOOK OF INFORMATION AND COMMUNICATION SECURITY. ON 23 SEPTEMBER ON 24 SEPTEMBER Retrieved 25 September GAURAV KUMAR, NOVEL METHOD AND PROCEDURE FOR SYSTEM SECURITY On INTERNATIONAL JOURNAL OF ADVANCE ENGINEERING AND GLOBAL TECHNOLOGY IN VOLUME 3 ISSUE 9. ON 25 September "Safe Browsing (Google Online Security Blog)". Retrieved 25 September Microsoft Corporation. "What is social engineering?" Retrieved 25 September Retrieved 25 September Gaurav Kumar, Best Plan for System Security on International Journal of Advance Research in Computer Science & Technology In Volume 3 Issue 3. On 25 September Retrieved 25 September Paul, Andrew. "Phishing s: The Unacceptable Failures of American Express". Answers. Retrieved 25 September "What is spear phishing?". Microsoft Security At Home. Retrieved September 25, Stephenson, Debbie. "Spear Phishing: Who s Getting Caught?". Firmex. Retrieved 25 September "What Is 'Whaling'? Is Whaling Like 'Spear Phishing'?". About Tech. Archived from the original on On 25 September "Fake subpoenas harpoon 2,100 corporate fat cats". The Register. Archived from the original on On September 25, "HSBC Security and Fraud Center Phishing Scams,Fraud Protection". Hsbcusa.com. Retrieved Mutton, Paul. "Fraudsters seek to make phishing sites undetectableby content filters". Netcraft. On 25 September The use of Optical Character Recognition OCR software in spam filtering - PowerPoint PPT Presentation On 25 September Mutton,Paul. "PhishingWebsite Methods".FraudWatchInternational.On September 25, "Serious security flaw in OAuth, OpenID discovered".cnet.2 May On 25 September Kerstein, Paul (July 19, 2005). "How Can We Stop Phishing and Pharming Scams?". CSO. On 25 September McCall, Tom (December 17, 2007). "Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks". Gartner on 25 September "20% Indians are victims of online phishing attacks: Microsoft". IANS. News.biharprabha.com. Retrieved 25 September , SK Publisher All Rights Reserved ISSN: (Online) 16 P age

6 AUTHOR(S) PROFILE Gaurav Kumar is pursuing the degree in Information Technology from the Maulana Abul Kalam Azad University of Technology (formerly known as West Bengal University of Technology) Kolkata, India. His research and study area are Information Security, Digital Watermarking, Digital Image Processing, Design and Analysis Of Algorithm, Operating System, Computer Architecture, Cloud Computing, Data structure, JAVA, C, C++, PYTHON. 2015, SK Publisher All Rights Reserved ISSN: (Online) 17 P age