Phishing combines social engineering with technical exploits: the attacker creates a replica of an existing Web page and, masquerading as a trustworthy entity in an electronic communication (e.g., by using specially designed e-mails or instant messages), fools users into submitting sensitive personal and financial information such as online banking passwords and credit card details. Phishing is a new type of network attack that constitutes more than half of all security incidents on the Internet. Email-based online phishing is a critical security threat on the Internet. More and more users have suffered from email-based phishing attacks over the last few years. A phishing email contains messages that lure victims into performing certain actions, such as clicking on a URL where a phishing site is hosted. This paper presents an overview of phishing email attacks, their classification, and prevention approaches.

Email phishing attacks fabricate the email's origin. Unfortunately, current email server systems cannot authenticate the genuineness of incoming emails. feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

The word 'Phishing' initially emerged in the 1990s. Early hackers often used 'ph' to replace 'f' to produce new words in the hacker community, since they usually hacked by phones. Phishing is a new word produced from 'fishing'; it refers to the act in which the attacker lures users to visit a faked Web site by sending them faked e-mails (or instant messages), and stealthily gets the victim's personal information such as user name, password, and national security ID, etc. This information can then be used for future targeted advertisements or even identity theft attacks (e.g., transferring money from victims' bank accounts) (15).