Phishing - the threat that still exists

Phishing is an online security attack in which the hacker aims in harvesting sensitive information like passwords, credit card information etc. from the users by making them to believe what they see is what it is. This threat has been into existence for a decade and there has been continuous developments in counter attacking this threat. However, statistical study reveals how phishing is still a big threat to today's world as the online era booms. In this paper, we look into the art of phishing and have made a practical analysis on how the state of the art anti-phishing systems fail to prevent Phishing. With the loop-holes identified in the state-of-the-art systems, we move ahead paving the roadmap for the kind of system that will counter attack this online security threat more effectively.

[1]  Tengke Xiong,et al.  An Intelligent Anti-phishing Strategy Model for Phishing Website Detection , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[2]  M. Angela Sasse,et al.  Security Education against Phishing: A Modest Proposal for a Major Rethink , 2012, IEEE Security & Privacy.

[3]  Paul A. Watters,et al.  Automatically determining phishing campaigns using the USCAP methodology , 2010, 2010 eCrime Researchers Summit.

[4]  Gary Warner,et al.  Phishing: Crime that pays , 2011, 2011 eCrime Researchers Summit.

[5]  Joby James,et al.  Detection of phishing URLs using machine learning techniques , 2013, 2013 International Conference on Control Communication and Computing (ICCC).

[6]  Chun-Ying Huang,et al.  Mitigate web phishing using site signatures , 2010, TENCON 2010 - 2010 IEEE Region 10 Conference.

[7]  Mohammad Zulkernine,et al.  PhishTester: Automatic Testing of Phishing Attacks , 2010, 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement.

[8]  J. G. Mohebzada,et al.  Phishing in a university community: Two large scale phishing experiments , 2012, 2012 International Conference on Innovations in Information Technology (IIT).

[9]  Scott A. Smolka,et al.  Formal Analysis of the Kaminsky DNS Cache-Poisoning Attack Using Probabilistic Model Checking , 2010, 2010 IEEE 12th International Symposium on High Assurance Systems Engineering.

[10]  J. Hajgude,et al.  “Phish mail guard: Phishing mail detection technique by using textual and URL analysis” , 2012, 2012 World Congress on Information and Communication Technologies.

[11]  B. B. Gupta,et al.  A Survey of Phishing Email Filtering Techniques , 2013, IEEE Communications Surveys & Tutorials.

[12]  Stephen Flowerday,et al.  Phishing within e-commerce: A trust and confidence game , 2010, 2010 Information Security for South Africa.

[13]  Youssef Iraqi,et al.  Phishing Detection: A Literature Survey , 2013, IEEE Communications Surveys & Tutorials.

[14]  Junshan Tan,et al.  Countermeasure Techniques for Deceptive Phishing Attack , 2009, 2009 International Conference on New Trends in Information and Service Science.

[15]  Charles A. Shoniregun,et al.  Anti-phishing prevention measure for email systems , 2012, World Congress on Internet Security (WorldCIS-2012).

[16]  Ba Lam To,et al.  A novel approach for phishing detection using URL-based heuristic , 2014, 2014 International Conference on Computing, Management and Telecommunications (ComManTel).

[17]  Jun Li,et al.  Leveraging the crowds to disrupt phishing , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).