PhishGuard: A browser plug-in for protection from phishing

Joshi, Yogesh M.; Saklikar, Samir; Das, Debabrata; Saha, Subir Kumar

doi:10.1109/imsaa.2008.4753929

Cited by 37 publications

(20 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the real credentials are still susceptible to phishing since they are also sent along with those fake credentials. An alternative of this technique is to submit fake credentials without submitting the real ones (Joshi, et al 2008). based on what image he expects with an image generated by the server.…”

Section: Instantaneous Based Protection Approachmentioning

confidence: 99%

“…However, the real credentials are still susceptible to phishing since they are also sent along with those fake credentials. An alternative of this technique is to submit fake credentials without submitting the real ones (Joshi, et al 2008). To overcome the problems that arose in (Kirda and Kruegel 2005) a new technique which basically making use of HTML DOM and layout similarity based approach has been proposed in (Angelo, et al 2007).…”

mentioning

confidence: 99%

See 1 more Smart Citation

Tutorial and critical analysis of phishing websites methods

Mohammad

Thabtah

McCluskey

2015

Computer Science Review

133

View full text Add to dashboard Cite

The Internet has become an essential component of our everyday social and financial activities.Internet is not important for individual users only but also for organizations, because organizations that offer online trading can achieve a competitive edge by serving worldwide clients. Internet facilitates reaching customers all over the globe without any market place restrictions and with effective use of e-commerce. As a result, the number of customers who rely on the Internet to perform procurements is increasing dramatically. Hundreds of millions of dollars are transferred through the Internet every day. This amount of money was tempting the fraudsters to carry out their fraudulent operations. Hence, Internet users may be vulnerable to different types of web threats, which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customers' confidence in e-commerce and online banking. Therefore, suitability of the Internet for commercial transactions becomes doubtful. Phishing is considered a form of web threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain user's confidential credentials such as usernames, passwords and social security numbers. In this article, the phishing phenomena will be discussed in detail. In addition, we present a survey of the state of the art research on such attack. Moreover, we aim to recognize the up-to-date developments in phishing and its precautionary measures and provide a comprehensive study and evaluation of these researches to realize the gap that is still predominating in this area. This research will mostly focus on the web based phishing detection methods rather than email based detection methods. INTRODUCTIONAlthough phishing is a relatively new web-threat, it has a massive impact on the commercial and online transaction sectors. Presumably, phishing websites have high visual similarities to the legitimate ones in an attempt to defraud the honest people. Social engineering and technical tricks are commonly combined together in order to start a phishing attack. Typically, a phishing attack starts by sending an e-mail that seems authentic to potential victims urging them to update or validate their information by following a URL link within the e-mail. Predicting and stopping phishing attack is a critical step toward protecting online transactions. Several approaches were proposed to mitigate these attacks. Nonetheless, phishing websites are expected to be more sophisticated in the future. Therefore, a promising solution that must be improved constantly is needed to keep pace with this continuous evolution. Anti-phishing measures may take several forms including: legal, education and technical solutions. To date, there is no complete solution able to capture every phishing attack. The Internet community has put in a considerable amount of effort into defensive techniques against phishing. However, the problem is continuously evolving and ever more complicated decept...

show abstract

Section: Instantaneous Based Protection Approachmentioning

confidence: 99%

“…However, the real credentials are still susceptible to phishing since they are also sent along with those fake credentials. An alternative of this technique is to submit fake credentials without submitting the real ones (Joshi, et al 2008). To overcome the problems that arose in (Kirda and Kruegel 2005) a new technique which basically making use of HTML DOM and layout similarity based approach has been proposed in (Angelo, et al 2007).…”

mentioning

confidence: 99%

Tutorial and critical analysis of phishing websites methods

Mohammad

Thabtah

McCluskey

2015

Computer Science Review

133

View full text Add to dashboard Cite

show abstract

“…However, it cannot be able to detect zero-day phishing attacks, because it is not detected yet. Google Safe Browsing API [8] enables client applications to validate whether a given URI exists in blacklists and updates constantly. The current implementation of the protocol is provided by Google, and only consists of two blacklists named 'goog-phish-shavar' and 'goog-malware-shavar', for phishing and malware respectively.…”

Section: B Website Phishing Detectionmentioning

confidence: 99%

A Computer Vision Technique to Detect Phishing Attacks

Rao

Ali

2015

2015 Fifth International Conference on Communication Systems and Network Technologies

View full text Add to dashboard Cite

Phishing refers to cybercrime that use social engineering and technical subterfuge techniques to fool online users into revealing sensitive information such as username, password, bank account number or social security number. In this paper, we propose a novel solution to defend zero-day phishing attacks. Our proposed approach is a combination of whitelist and visual similarity based techniques. We use computer vision technique called SURF detector to extract discriminative key point features from both suspicious and targeted websites. Then they are used for computing similarity degree between the legitimate and suspicious pages. Our proposed solution is efficient, covers a wide range of websites phishing attacks and results in less false positive rate.

show abstract

“…A similar approach has been applied by Joshi et al [27] (the PhishGuard tool) who intercept user submitted credentials. However, to hide an actual supplied credential, they send another set of fake credentials at the end.…”

Section: Phishing Attack Detectionmentioning

confidence: 99%