An integrated approach to detect phishing mail attacks: a case study

Phishing is a process of luring unsuspecting Internet users to a fake website by using authentic looking email and messages for fraudulent purposes. Most preferred way that the phishers employ to lure victims is through a mass email, constructed to look like an authentic message from a well-known company. Phishing website has its own technical and social problem with each other and being a very complicate and complex issue to understand and analyze, to till date there exist no known single silver bullet to solve it entirely. Here an approach to create a resilient and effective method is proposed that uses fuzzy logic to quantify and qualify all the website phishing characteristics and factors in order to detect phishing websites to assess whether phishing activity is taking place or not. The approach visualizes the webpage in three layers of which the first layer, Domain Name checker, is fully based on characteristics of hyperlinks, the second, Code Script Checker which checks out for the tricks of the attackers in a way how they use JavaScript to hide information from user, and potentially launch sophisticated attacks, and the last layer of our approach, Page Content Checker, checks for phishing site based on its sub criteria. Finally if any of them (with regards to the true one) is higher than its corresponding preset threshold then that webpage is reported as a phishing suspect.

[1]  Christopher Krügel,et al.  On the Effectiveness of Techniques to Detect Phishing Sites , 2007, DIMVA.

[2]  Lorrie Faith Cranor,et al.  Can phishing be foiled? , 2008, Scientific American.

[3]  dream 远离危险网站——Netcraft Toolbar , 2005 .

[4]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[5]  S. Scott TinyURL , 2008, British medical journal.

[6]  Chuanxiong Guo,et al.  Online Detection and Prevention of Phishing Attacks , 2006, 2006 First International Conference on Communications and Networking in China.

[7]  John C. Mitchell,et al.  Client-Side Defense Against Web-Based Identity Theft , 2004, NDSS.

[8]  K. Dahal,et al.  Intelligent Phishing Website Detection System using Fuzzy Techniques , 2008, 2008 3rd International Conference on Information and Communication Technologies: From Theory to Applications.