Phishing Detection And Defence

Abstract—This paper surveys the literature on the detection of and defence against phishing. The attack targets vulnerabilities that exist in systems due to the human factor. Phishing is a frequent technique used over the internet to deceive users with the goal of extracting their personal information, such as usernames, passwords, credit card numbers and bank account information. In this paper we survey phishing and its types, and the scenario of a phishing attack.

I. INTRODUCTION

One of the most profitable offences has long been “identity theft”, which means stealing a person’s identity. Conventionally, criminals did this either by murdering the victim and pretending to be that person, or by stealing private information from the garbage: gathering information from leftover letters, financial records, electricity bills, and many other bills and items that are discarded without shredding.

In the real world, criminals steal money, land, property and confidential things that exist physically, and we call such a person a thief. But what about a person who steals things virtually, from the virtual world? The answer is hacking. When it is done through fake websites in a web browser, it is called phishing.

The term phishing is derived from the analogy with fishing: fishing for victims' passwords and credentials on the web, in web storage, etc.

The “ph” comes from phone phreaking, a very common technique that troubled the telephone system during the 1970s.

The term phishing was introduced for the first time on the internet by a group of hackers in late 1996, who stole America Online (AOL) accounts by tricking unaware AOL users into disclosing their passwords. This raises the question of what we should refer to as phishing. Phishing can be referred to as computerised identity theft, which takes advantage of human nature and the internet to trick millions of people and take a great amount of money. Nowadays, attacks have become a major issue in networks. Phishing is a threat that acquires sensitive information such as usernames and passwords online. Cyber-attacks intrude into the network infrastructure and collect all the information needed to make the networks vulnerable. Attacks may be either passive or active.

Normally, the phisher hijacks a bank's web pages and sends emails to the victim in order to trick the victim into visiting the dangerous and malicious site, so as to collect the victim's bank account information and card number. The phisher plays an important role in phishing; a complete phishing attack involves the role of the phisher.

II. DEFINITION

One definition of a phishing attack states:

“Phishing is a fraudulent attempt or attack, usually made through email or fraud websites to steal your personal information and data.”

This definition limits phishing attacks to stealing personal information, which is not always the case. For example, a socially engineered message can lure the victim into installing man-in-the-browser (MITB) malware, which in turn transfers money to the attacker's bank account whenever the victim logs in to perform his/her banking tasks, without the need to steal the victim’s personal information.

Another definition is provided by Colin Whitaker:

“We define a phishing page as any web page that without permission alleges to act on behalf of a third party with the intention of confusing viewers into performing an action with which the viewer would only trust an agent of the third party.”

Phishing can be regarded as a passive attack.

Phishing is a form of online identity theft that aims to steal sensitive information such as online passwords and credit card information.

A phishing attack is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

III. TYPES OF PHISHING

Phishing has spread beyond email to include VoIP, SMS, instant messaging and games. Below are some major categories of phishing.

A. Clone phishing 

Clone phishing is a type of phishing attack in which the hacker clones a website that the victim usually visits. The cloned website usually asks for login credentials, mimicking the real website.

B. Spear Phishing

Spear phishing targets a specific group. Instead of casting out thousands of e-mails at random, spear phishers target a selected group of people with something in common, e.g. people from the same organisation.

C. Phone Phishing

This type of phishing refers to messages that claim to be from a bank, asking users to dial a phone number regarding problems with their bank accounts. SMS phishing is a type of phone phishing. The end user receives an SMS telling them that he/she has successfully entered a service. If for some reason he/she wants to exit that service, they should visit a website. The end user then visits the website and provides confidential and sensitive information to the phishers/hackers.

D. Man-in-the-middle-attack

A man-in-the-middle attack refers to an attack in which a phisher secretly intercepts the electronic messages exchanged between the sender and receiver during message transmission. This attack uses Trojan horses to intercept personal information.

IV. PHISHING SCENARIO

The steps followed by a phisher in a typical phishing attempt are as follows:

1. The phisher runs a spoofed version of the target website on a web server and sends spoofed emails to the target users.

2. The email sent generally contains a message stating an emergency that requires immediate action.

3. The spurious link in the mail directs the user to the web server on which the phisher has hosted the similar-looking login page of the targeted website.

4. The user supplies his credentials on the spoofed website, where they are stored by the phisher.

5. The user information is then used by the phisher to commit fraud.

Past and present pie charts of cyber attacks in India and other countries.

Past pie chart

In this chart, India is shown as a country accounting for only 5% of cyber crime. After some years the percentage of crime increased to 5.16%, and it continues to increase day by day.

Present pie chart

V. PHISHING DETECTION 

While there are many proposals for detecting phishing websites, in this paper we only outline the most recent phishing detection proposals.

A. Search engine based

In this technique, features such as text, images and URLs are extracted from the page and then searched for in one or multiple search engines. The assumption is that a normal website will be among the top search results. Compared with phishing web pages, which remain active for a short time, normal websites typically have a higher index.

B. Machine learning based

These techniques extract a set of features, such as text, images or URL-specific information, from normal and abnormal websites. All techniques in this category extract a set of features, such as web page content and URLs, and feed them to machine learning algorithms that are used to create a model for classification. These techniques differ in terms of:

* the type and number of features extracted;
* the algorithm used to identify the best feature sets and assign weights;
* the type and number of machine learning features;
* the use of optimisation algorithms;
* the better use of anti-phishing techniques.
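The following sketch is an added example, not code from the surveyed proposals: it extracts a small set of lexical URL features and fits a Bernoulli naive Bayes classifier. The feature set, the training URLs and all names are assumptions constructed for illustration.

```python
import ipaddress
import math
from urllib.parse import urlsplit

def extract(url):
    """Map a URL to 0/1 features: (ip_host, at_sign, many_dots, hyphen_host, no_https)."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # hostname drops userinfo and port
    try:
        ipaddress.ip_address(host)
        ip_host = 1
    except ValueError:
        ip_host = 0
    return (ip_host, int("@" in parts.netloc), int(host.count(".") >= 3),
            int("-" in host), int(parts.scheme != "https"))

def train(samples):
    """Bernoulli naive Bayes with Laplace smoothing; samples = [(url, label)]."""
    model = {}
    for label in {lab for _, lab in samples}:
        rows = [extract(u) for u, lab in samples if lab == label]
        probs = [(sum(col) + 1) / (len(rows) + 2) for col in zip(*rows)]
        model[label] = (len(rows) / len(samples), probs)
    return model

def phishing_probability(model, url):
    """Posterior probability of the 'phish' class for one URL."""
    x = extract(url)
    score = {}
    for label, (prior, probs) in model.items():
        score[label] = math.log(prior) + sum(
            math.log(p if v else 1 - p) for p, v in zip(probs, x))
    top = max(score.values())
    weights = {k: math.exp(s - top) for k, s in score.items()}
    return weights["phish"] / sum(weights.values())

# Constructed training set (reserved example domains and documentation IPs).
TRAINING = [
    ("https://www.bank.example/login", "legit"),
    ("https://mail.example.org/inbox", "legit"),
    ("https://shop.example.com/cart?id=7", "legit"),
    ("http://news.example.net/today", "legit"),
    ("http://192.0.2.10/bank.example/login.php", "phish"),
    ("http://bank.example@198.51.100.7/verify", "phish"),
    ("http://secure-login.bank.example.account-update.test/", "phish"),
    ("https://www.bank.example.verify-session.test/signin", "phish"),
]
MODEL = train(TRAINING)
```

A real model would be trained on a labelled corpus and would add content and image features as described above; the eight URLs here only make the pipeline visible.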

C. Phishing blacklist and whitelist based

The methods in this category use a whitelist of normal websites and a blacklist containing anomalous websites to detect phishing. The blacklist is obtained either by user feedback or via reporting by third parties who perform phishing URL detection.
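A list lookup is only as good as the host it compares, so this added example (not from the surveyed work) normalises the URL before checking it against both lists. The list entries and function names are constructed assumptions.

```python
from urllib.parse import urlsplit

WHITELIST = {"bank.example", "mail.example.org"}      # constructed: known normal sites
BLACKLIST = {"account-update.test", "198.51.100.7"}   # constructed: reported phishing hosts

def canonical_host(url):
    """Return the host a browser would connect to, in normalised form."""
    host = urlsplit(url.strip()).hostname or ""   # lowercased; userinfo and port dropped
    host = host.rstrip(".")                       # "bank.example." == "bank.example"
    try:
        host = host.encode("idna").decode("ascii")  # internationalised names -> punycode
    except UnicodeError:
        pass                                      # keep the raw host if it cannot be encoded
    return host

def matches(host, entries):
    """True if host equals a list entry or is a subdomain of one."""
    return any(host == e or host.endswith("." + e) for e in entries)

def classify(url):
    """Blacklist wins over whitelist; anything on neither list is 'unknown'."""
    host = canonical_host(url)
    if not host:
        return "unknown"
    if matches(host, BLACKLIST):
        return "phishing"
    if matches(host, WHITELIST):
        return "normal"
    return "unknown"
```

Matching on the label boundary (`"." + entry`) is what keeps `notbank.example` and `bank.example.evil.test` from inheriting the whitelist entry for `bank.example`; such hosts fall through to "unknown" and need one of the other detection techniques.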

VI. PHISHING DEFENCE 

An average of 4% of people will fall for any given phish, and the more phishing emails they have clicked, the more likely they are to click again.

1. Separate user accounts from administrator accounts (and use them properly)

A successful phish is usually only the first step that gets attackers into the network. They still must move deeper to gain access to a point-of-sale system, database, or other target of crime or espionage. This access is made immensely easier if the successfully phished target is a network or system administrator. Any elevated access--even just local administrator access on a single machine--makes credential theft and stealthy persistence easier.

Selectively create separate administrator accounts only for users who need them. If possible, restrict these accounts from accessing email and browsers. This restriction decreases the likelihood of an administrator account being compromised and forces the attacker to spend more time and resources escalating on the network. This extra effort increases the likelihood of detection and the attacker's time-to-cost ratio. If you have network monitoring in place, creating separate administrator accounts has the added benefit of increasing awareness of elevated user activity in the network, since these accounts will be used for fewer and more specific tasks.

2. Harden the host

Phishing comes in two broad forms: credential collection and payload (malware) delivery. Successful payload delivery can lead to a system becoming part of a botnet, installation of a Remote Access Trojan (RAT), or installation of ransomware or cryptoware.

Blocking Microsoft Office macros is one of the most impactful ways an organisation can combat malware delivered through phishing, and it can be easily done through Active Directory Group Policy. Also use Software Restriction Policies [https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831534(v=ws.11)] to restrict common methods of executing scripting languages, such as wscript.exe and mshta.exe, and prevent many common initial payload execution methods. If you're using Windows 10/2016, consider the new Windows Defender Exploit Guard attack surface reduction rules [https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard]. These rules are outstanding, easy to implement, and go a long way to preventing the majority of common payload execution techniques used by attackers. Finally, make sure to use attachment filtering [https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/attachment-filtering-procedures] (or similar methods if not using Microsoft Exchange) to prevent executables and other common file types used by malware from being emailed in your environment. Overwhelmingly, the most common initial payloads are JavaScript (.js), Visual Basic (.vbs), or Microsoft Office files [https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf], and the previously mentioned controls are extremely effective at combating malicious delivery of these file types.
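Where Exchange attachment filtering is not available, the same check can be applied at a mail gateway. This added example is not Exchange's implementation; the message is constructed, and the blocked list beyond .js and .vbs is an assumption.

```python
from email import message_from_string
from email.policy import default

# .js and .vbs are named in the text; .exe and macro-enabled Office types are assumed additions.
BLOCKED = {".js", ".vbs", ".exe", ".docm", ".xlsm"}

# Constructed sample message with one blocked and one harmless attachment.
SAMPLE = """\
From: billing@supplier.example
To: user@corp.example
Subject: Overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.js"

dmFyIHggPSAxOw==
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="terms.pdf"

JVBERi0=
--b1--
"""

def blocked_attachments(raw):
    """Return the names of attachments whose final extension is on the block list."""
    msg = message_from_string(raw, policy=default)
    hits = []
    for part in msg.iter_attachments():
        # Trailing dots and spaces are ignored by Windows, so strip them before the check.
        name = (part.get_filename() or "").strip().lower().rstrip(". ")
        # Only the last extension decides how the file opens: "invoice.pdf.js" is a script.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in BLOCKED:
            hits.append(name)
    return hits
```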

VII. WORK EXTEND 

In this paper we analyse phishing. Through this survey we gather information about phishing, its types and the phishing scenario, and how to detect and defend against phishing. After this survey, we plan to extend our work to the detection of phishing sites using a machine learning approach.

In machine learning there are many techniques to detect phishing pages, such as support vector machines, decision trees, k-means, the k-NN algorithm, etc.

VIII. CONCLUSION

In this paper, an analysis of the techniques proposed for phishing detection has been performed. We also looked at the past and present scenario of cyber crime and phishing attacks in India; the percentage will increase day by day. Phishing attacks are still successful because of the many inexperienced and unsophisticated internet users. Our future work is to research the detection of phishing pages imitating search websites and bank sites, and to develop the best detection technique for the future.
