Phishing Defense Against IDN Address Spoofing Attacks Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Address spoofing is a common trick in phishing attacks to confuse users about a web page's real origin. By spoofing the address, attackers can easily redirect users to fake websites and collect their secret information.

Phishing is no longer a new thing; it has been in use for the past several years. These days, however, most attackers follow this approach to steal users' information. According to the APWG analysis, in March 2006 there were 18,480 unique phishing reports submitted to APWG. According to Gartner, by the end of April 2004 there were 1.8 million phishing attacks and 1.2 billion phishing victims.

So there is a need to review the possible address spoofing phishing attacks and to develop a technology to prevent them. This requires some analysis of the characteristics of address spoofing attacks on the internet.

Problem Definition:

Phishing attacks are widespread on the internet, and most users face a lot of trouble from phishing attackers. Phishing is an easy and effective way to commit scams and fraud on the internet, so all of the research undertaken here comes under internet security mechanisms. A short discussion of phishing attacks follows.

Each packet on the internet carries a source and a destination address in its header. By forging the header, the attacker can send the packet to the actual receiver. When the packet reaches the receiver, the receiver believes that it came from an authorized sender, so the response can be redirected to the attacker's machine. This is the actual 'address spoofing' that most attackers follow.

To detect address spoofing attackers, a client-side technology needs to be developed that prevents these types of attacks.

The aim is to develop a technology that protects users by preventing the phishing attacks that emerge so frequently. Phishing is a new type of network attack, and it can be detected and prevented by a novel client-side plug-in that implements various techniques to protect users against these address spoofing attacks.

To detect and prevent address spoofing phishing attacks, the project needs to follow the objectives below. Based on these objectives the project will proceed.

Explore the various types of address spoofing attacks, which are as follows:

User-confusion based attacks

Vulnerability based attacks

IDN Based attacks

Implement a novel client-side browser plug-in to prevent address spoofing phishing attacks.

By integrating this plug-in as a tool in the client's browser, users can easily prevent address spoofing based phishing attacks. It takes care of users by raising alerts when a phishing attack occurs.


Reviewing the problem of address spoofing attacks shows how attackers can gain access by redirecting targeted users to fake websites. By implementing a technology such as a software tool or plug-in, these types of attacks can be handled efficiently. The software tool or plug-in should analyze the network traffic and alert users, so that they are warned and the attacks are prevented.

The following deliverables will meet the project's expectations.

The outcomes of the project are as follows.

Documentation of all possible address spoofing attacks followed by most attackers.

Novel client-side plug-in to prevent these types of phishing attacks.

Project design and required diagrams.

Software and Hardware requirements:

Software Requirements:

Windows XP professional,

Microsoft Visual Studio .Net 2008,

Add-in Express and

Visual C#.Net, SQL Server 2005.

Hardware Requirements:

Pentium III / IV,

Hard Disk 40 GB,

RAM 256 MB.

Chapter 2: Phishing Defense against IDN Address Spoofing Attack

2.1 Phishing:

According to Markus Jakobsson and Adam Young (n.d.), phishing combines technology and social engineering, and its goal is the classical one of learning information that allows access to the user's resources. A phishing attack typically aims to find the account numbers and passwords used for online banking in order to steal money from the accounts. Many phishing attacks are quite simple, but there is a clear trend towards attacks that are more and more sophisticated, both in their psychological aspects and in the technology deployed. Today phishing e-mails look like legitimate e-mails from organizations such as banks. They contain a link to a web page that looks identical to the real web page but is controlled by the attacker.

According to Gunter Ollmann (1996), the word phishing comes from the analogy with fishing: internet criminals use e-mail lures to "phish" for passwords and financial information from internet users.

Phishing is a kind of online scam in which the perpetrator uses e-mail or a website to illegally obtain private information. The phishing trick often involves an impostor website designed to imitate that of a reputable company, typically a bank or other financial institution, which asks the user to submit sensitive data. There are simple steps that help keep data safe and secret and reduce the danger from phishing attacks.

2.1.1 Phishing defense in spoofing attack:

According to Viktor Krammer (2006), phishing is an increasingly widespread problem on the internet that tricks naive users into giving up sensitive information, such as login credentials, on fake web sites. The technique that phishers usually exploit is referred to as address spoofing, and there are several types of address spoofing attacks.

2.1.2 User Confusion based Attack:

This category comprises confusion by name similarity, confusion by address complexity and confusion by random addresses.

2.1.3 Confusion by Name Similarity:

The attacker registers a domain name that is slightly different from the actual one. Registrars cannot manually review each registration and do not perform similarity checks. In addition, the attacker uses a stolen identity for the registration.

2.1.4 Confusion by Address Complexity:

The simplest and most common trick found in phishing scams is a URL containing an IP address, as seen in the phishing records of the Anti-Phishing Working Group. Frequently the attacker tries to confuse the user through the sheer length of the address by adding bogus query strings, so that the original name of the website gets lost. Another type of attack is subdomain spoofing, which takes advantage of the fact that the host name is displayed with the least significant label first.

2.1.5 Confusion by Random Address:

Strictly, this is not an address spoofing attack, but it is frequently encountered in phishing scams. The attacker does not even try to mask the address. The attack works best when the user does not look at the address at all.
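The name-similarity and subdomain-spoofing tricks from sections 2.1.3 and 2.1.4 can be checked mechanically. The following JavaScript is an added example, not code from the essay or from the plug-in it proposes; the protected-domain list, the edit-distance limit of 2 and the 100-character length limit are assumptions.

```javascript
// Added example, not from the essay. PROTECTED is an assumed allow-list and
// every hostname used with it is constructed.
const PROTECTED = ["paypal.com", "examplebank.com"];

// Levenshtein edit distance (insert, delete, substitute), two-row version.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Naive registrable domain: the last two labels. A real tool would consult
// the Public Suffix List so that names under e.g. co.uk are handled.
function registrableDomain(host) {
  return host.split(".").slice(-2).join(".");
}

function checkUrl(urlString, protectedDomains = PROTECTED) {
  const host = new URL(urlString).hostname.toLowerCase();
  const reg = registrableDomain(host);
  const notes = [];
  // Address complexity: a very long address pushes the real host out of view.
  if (urlString.length > 100) notes.push("long-address");
  if (protectedDomains.includes(reg)) return { host, verdict: "trusted", notes };
  for (const good of protectedDomains) {
    // Subdomain spoofing: the trusted name appears as leading labels of a
    // host that is registered under a different domain.
    if (("." + host).includes("." + good + ".")) {
      return { host, verdict: "subdomain-spoof", imitates: good, notes };
    }
    // Name similarity: registered domain is a near miss of a trusted one.
    const distance = editDistance(reg, good);
    if (distance > 0 && distance <= 2) {
      return { host, verdict: "similar-name", imitates: good, distance, notes };
    }
  }
  return { host, verdict: "unknown", notes };
}
```

Short protected names produce false positives at distance 2, so a deployment would scale the limit with the length of the name.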

2.2 Vulnerability-based Attacks:

This type of address spoofing attack relies on security flaws, either client-side or server-side vulnerabilities.

2.2.1 Client-side Vulnerabilities:

A client-side vulnerability of IE known as chrome or UI spoofing allows the attacker to spoof elements of the browser UI by creating a chromeless pop-up window. Actual phishing attacks use this to cover the address bar with the original address of the web site. The ability to spoof the browser chrome is controlled by the locations where pop-up windows can appear.

2.2.2 Server-side Vulnerabilities:

These attacks are primarily based on cross-site scripting vulnerabilities. Strictly speaking, this kind of attack is not an address spoofing attack, but its features are the same.

2.3 IDN-based Attacks:

These attacks work at a lower level, mainly exploiting the programming subtleties of Unicode. There have been no real-world reports so far. Without effective anti-spoofing techniques, however, these attacks can pose a very grave security threat once IDNs are broadly available and become popular. The different types of spoofing are whole-script spoofing, single-script spoofing, mixed-script spoofing, syntax spoofing, numeric spoofing, bidirectional text spoofing, combining mark order spoofing and inadequate rendering support.
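A client-side check for several of these IDN spoofing types can be written directly against Unicode properties. The following JavaScript is an added example, not code from the essay or its plug-in: it decodes `xn--` labels and flags mixed-script, whole-script, syntax, numeric, bidirectional and combining-mark cases. The function names and flag names are hypothetical, and `LOOKALIKE` is a small constructed subset of look-alike letters.

```javascript
// Added example, not from the essay. Flag names and the LOOKALIKE table are
// constructed for illustration.

// RFC 3492 Punycode decoder for one label body (the text after "xn--").
function punycodeDecode(input) {
  const base = 36, tMin = 1, tMax = 26, skew = 38, damp = 700;
  let n = 128, i = 0, bias = 72;
  const out = [];
  const delim = input.lastIndexOf("-");
  if (delim > 0) for (const ch of input.slice(0, delim)) out.push(ch.codePointAt(0));
  let pos = delim > 0 ? delim + 1 : 0;
  while (pos < input.length) {
    const oldi = i;
    for (let w = 1, k = base; ; k += base) {
      if (pos >= input.length) throw new RangeError("truncated punycode");
      const c = input.charCodeAt(pos++);
      const digit = c >= 48 && c <= 57 ? c - 22 : c >= 97 && c <= 122 ? c - 97 : base;
      if (digit >= base) throw new RangeError("invalid punycode digit");
      i += digit * w;
      const t = k <= bias ? tMin : k >= bias + tMax ? tMax : k - bias;
      if (digit < t) break;
      w *= base - t;
    }
    const len = out.length + 1;
    let delta = oldi === 0 ? Math.floor((i - oldi) / damp) : (i - oldi) >> 1;
    delta += Math.floor(delta / len);
    let k = 0;
    for (; delta > ((base - tMin) * tMax) >> 1; k += base) delta = Math.floor(delta / (base - tMin));
    bias = k + Math.floor(((base - tMin + 1) * delta) / (delta + skew));
    n += Math.floor(i / len);
    i %= len;
    out.splice(i++, 0, n); // insert the decoded code point at position i
  }
  return String.fromCodePoint(...out);
}

const SCRIPTS = ["Latin", "Cyrillic", "Greek", "Armenian", "Hebrew", "Arabic",
  "Han", "Hiragana", "Katakana", "Hangul", "Thai", "Devanagari"]
  .map((name) => [name, new RegExp(`\\p{Script=${name}}`, "u")]);
const BIDI = /[\u200e\u200f\u202a-\u202e\u2066-\u2069]/; // direction controls
const SYNTAX = /[\u2044\u2215\u3002\uff0e\uff0f]/;        // look like "/" or "."
// Small constructed subset of Cyrillic and Greek letters that resemble ASCII.
// Production code should load the full confusables data of Unicode UTS #39.
const LOOKALIKE = {
  "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
  "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
  "\u04bb": "h", "\u04cf": "l", "\u03bf": "o", "\u03bd": "v",
};

function scriptOf(ch) {
  const hit = SCRIPTS.find(([, re]) => re.test(ch));
  if (hit) return hit[0];
  return /\p{L}/u.test(ch) ? "Other" : null; // null: digits, hyphen, marks
}

function analyzeLabel(label) {
  const flags = new Set();
  const scripts = new Set();
  let skeleton = "";
  for (const ch of label) {
    if (BIDI.test(ch)) flags.add("bidi-control");
    if (/\p{M}/u.test(ch)) flags.add("combining-mark");
    if (/\p{Nd}/u.test(ch) && !/[0-9]/.test(ch)) flags.add("non-ascii-digit");
    if (SYNTAX.test(ch)) flags.add("syntax-lookalike");
    const script = scriptOf(ch);
    if (script) scripts.add(script);
    skeleton += LOOKALIKE[ch] || ch;
  }
  // Han, Hiragana and Katakana legitimately occur together in Japanese names.
  const cjkOnly = [...scripts].every((s) => ["Han", "Hiragana", "Katakana"].includes(s));
  if (scripts.size > 1 && !cjkOnly) flags.add("mixed-script");
  // One non-Latin script whose letters all read as ASCII: whole-script spoof.
  if (scripts.size === 1 && !scripts.has("Latin") && /^[a-z0-9-]+$/.test(skeleton)) {
    flags.add("whole-script-confusable");
  }
  return { skeleton, flags: [...flags] };
}

// Accepts a hostname in Unicode or ASCII ("xn--") form.
function analyzeHost(host) {
  const labels = host.toLowerCase().split(".")
    .map((label) => (label.startsWith("xn--") ? punycodeDecode(label.slice(4)) : label));
  const results = labels.map(analyzeLabel);
  const flags = [...new Set(results.flatMap((r) => r.flags))].sort();
  return {
    display: labels.join("."),
    skeleton: results.map((r) => r.skeleton).join("."),
    flags,
    suspicious: flags.length > 0,
  };
}
```

The `skeleton` field is what a warning dialog would show next to the decoded name, so the user sees which familiar ASCII name the label imitates.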

2.4 Distributed Phishing Attack

Markus Jakobsson and Adam Young identified and described a new type of phishing attack that circumvents what is probably today's most effective protection mechanism in the war against phishing, namely the shutting down of sites run by the phisher. This is the distributed phishing attack (DPA). The attack works with a per-victim personalization of the location of the sites collecting credentials and a covert transmission of the credentials to a hidden coordination center run by the phisher. They showed how this type of attack can be implemented and explained how it can boost the success rate of attacks while hindering the tracking of the phisher. They also briefly described a technique that can help to combat DPAs.

Social engineering and technology are the two components of a phishing attack. The aim of a phisher is typically to gain information that allows him to use resources belonging to his victims. The most common type of phishing attack aims to collect account numbers and passwords used for internet banking, in order either to steal money from these accounts or to use them as "stepping stones" in money laundering schemes. In the second case, the phisher, who may belong to a criminal or terrorist group, transfers money between accounts that he controls (without stealing money from any of them) in order to obscure the actual flow of funds from payer to payee. Phishing is therefore a concern not only for potential victims and their financial institutions, but also for society at large.

It is worth shedding light on some of the details of how such an attack can be carried out in practice. To install the transponders, the normal attack vectors of internet attackers can be used. This typically involves one form of exploit or another. Examples include buffer overflows, exploiting improperly handled race conditions, and asking a user to perform operations on an attachment. The asymmetric encryption is straightforward to implement on the Windows operating system: both Windows 2000 and Windows XP are equipped with the Microsoft Cryptographic API (CAPI). Blacklisting is one of the common techniques used to defend against phishing attacks.

[Distributed Phishing Attacks]

2.5 PhishNet:

According to Pawan Prakash, Manish Kumar, Ramana Rao Kompella and Minaxi Gupta, phishing attacks have been a simple and successful means of fraud and deception on the internet. Solutions such as URL blacklisting are effective to some extent, but their dependence on an exact match with the blacklisted entries makes it easy for attackers to evade them. The authors start from the observation that attackers often make only simple modifications, such as changing parts of the URL. Their aim is to build a tool, PhishNet, that exploits this observation in two ways. In the first approach, the authors propose a few heuristics to enumerate simple combinations of known phishing sites in order to discover new phishing URLs. The second approach consists of an algorithm that divides a URL into multiple components, which are then matched individually against the entries in the blacklist. In experiments with a real-time blacklist feed, the authors discovered around 18,000 new URLs from a pool of 6,000 entries of the original blacklist.

Blacklisting is the most common technique to defend against phishing attacks, and PhishNet was developed to deal with the major problems of blacklists. The tool has two major components. The first component increases the size of the blacklist by creating new URL variations from the original URLs, which are added only after verification through the Domain Name Service (DNS) and content matching. The second component is an approximate matching data structure that assigns a score to each URL based on piece-wise similarity with the existing URLs. Exhaustively identifying new heuristics and evaluating their effectiveness remains a problem. The authors performed their evaluation using the Google Safe Browsing API, which lets an end user check the nature of a URL by comparing it against Google's constantly updated list of suspected phishing and malware pages.

[PhishNet: Predictive Blacklisting to Detect Phishing Attacks]
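The component-wise matching described above can be illustrated with a short JavaScript sketch. It is an added example, not PhishNet's own code or scoring: the blacklist entries are constructed, and the split into host, directory, file name and query as well as the weights and threshold are assumptions.

```javascript
// Added example, not from the essay or from PhishNet itself. The blacklist
// entries are constructed and the weights and threshold are assumptions.
const BLACKLIST = [
  "http://secure-login.example.net/bank/update/verify.php?id=1001",
  "http://203.0.113.7/paypal/cgi-bin/webscr.php?cmd=login",
];
const WEIGHTS = { host: 40, dir: 30, file: 20, query: 10 }; // sums to 100
const THRESHOLD = 50;

// Split a URL into the components that are matched independently.
function components(url) {
  const u = new URL(url);
  const segments = u.pathname.split("/").filter(Boolean);
  const last = segments[segments.length - 1] || "";
  const file = last.includes(".") ? segments.pop() : "";
  return {
    host: u.hostname,
    dir: segments.join("/"),
    file,
    // Parameter names only: values such as session ids change per victim.
    query: [...u.searchParams.keys()].sort().join("&"),
  };
}

// One set per component type, filled from every blacklisted URL.
function buildIndex(blacklist) {
  const index = { host: new Set(), dir: new Set(), file: new Set(), query: new Set() };
  for (const url of blacklist) {
    const parts = components(url);
    for (const key of Object.keys(index)) if (parts[key]) index[key].add(parts[key]);
  }
  return index;
}

// Score 0..100: the summed weight of the components seen in the blacklist.
function scoreUrl(url, index) {
  const parts = components(url);
  const matched = Object.keys(WEIGHTS)
    .filter((key) => parts[key] && index[key].has(parts[key]));
  const score = matched.reduce((sum, key) => sum + WEIGHTS[key], 0);
  return { url, score, matched, suspicious: score >= THRESHOLD };
}

const INDEX = buildIndex(BLACKLIST);
// Same kit moved to a new host: an exact-match lookup misses it, while the
// component score still reaches the threshold.
const moved = "http://secure-login.example.org/bank/update/verify.php?id=2002";
console.log(BLACKLIST.includes(moved), scoreUrl(moved, INDEX));
```

Very common components such as `index.html` would match many benign URLs, so a deployment would exclude them from the index or weight them down.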

2.6 Preventing Phishing Attacks:

According to Gunter Ollmann, phishing has become one of the popular crimes of the twenty-first century. The global media runs stories on an almost daily basis about the latest organization to be targeted and how many victims succumbed to the attack. Phishers keep developing ever more sophisticated attacks to harm users, while businesses struggle to protect their customers' personal data and try to improve the security of their e-mail services. Customers too have become wary of "official" e-mail, and organisations struggle to instil confidence in their communications.

While many governments and industry groups are struggling in their own ways to prevent spam, organisations can in the meantime take a practical approach to fighting the phishing threat. By understanding the tools and techniques used by professional criminals and analysing the flaws in their own perimeter security or applications, organisations can prevent many of the most popular and successful phishing attack vectors. The document covers the latest techniques and security flaws that phishers exploit to conduct their attacks, so that further attacks can be prevented.

To complete a phishing attack successfully, the attacker must use a number of methods to trick the user into doing something with the attacker's server. The number of such methods is increasing steadily. One of the basic methods used to capture a customer's resources and information is the man-in-the-middle attack, in which the attacker sits between the web-based application server and the customer. This form of attack is successful for both HTTP and HTTPS communications. The next method used by attackers is URL obfuscation. Here the user logs in to a proxy server that is in fact the attacker's server, so after the user has entered all their details the proxy server holds them in full. The methods of URL obfuscation are bad domain names, third-party shortened URLs and host name obfuscation. With bad domain names, the user is led to enter their details at a URL that connects to the proxy server. Third-party shortened URLs arise because of the length and complexity of many web-based application URLs, combined with the way URLs may be represented and displayed within a variety of e-mail systems.

It is difficult to identify the destination host if unfamiliar IP representations are used. Apart from the classic dotted-decimal format, there are different ways to encode the address, depending on how the IP address is represented. The different types of representation are:

Dword - This means double word. The address is represented using two binary words of 16 bits, but even though it consists of two binary words it is expressed in decimal (base 10).

Octal - In this representation the address is expressed in base 8, and

Hexadecimal - In this representation the address is expressed in base 16.
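A filter or browser add-on can undo these representations before the address is shown or compared against a list. The following JavaScript is an added example, not code from the essay or from Ollmann's paper; the function names are hypothetical and the sample URLs use the documentation address 192.0.2.1.

```javascript
// Added example, not from the essay. The sample URLs in the checks use the
// documentation address 192.0.2.1 and are constructed.

// One dot-separated part: "0x.." is hexadecimal, a leading "0" is octal,
// anything else must be plain decimal. Returns NaN if it is not a number.
function parsePart(part) {
  if (/^0x[0-9a-f]*$/i.test(part)) return part.length === 2 ? 0 : parseInt(part.slice(2), 16);
  if (/^0[0-7]+$/.test(part)) return parseInt(part, 8);
  if (/^(0|[1-9][0-9]*)$/.test(part)) return parseInt(part, 10);
  return NaN;
}

// Returns the dotted-decimal form of a host that is an IPv4 literal in any
// of the representations above, or null when the host is not an IP address.
// One to four parts are accepted; the last part fills all remaining bytes.
function canonicalIPv4(host) {
  const parts = host.split(".");
  if (parts.length > 1 && parts[parts.length - 1] === "") parts.pop(); // trailing dot
  if (parts.length > 4) return null;
  const nums = parts.map(parsePart);
  if (nums.some(Number.isNaN)) return null;
  const last = nums.pop();
  if (nums.some((n) => n > 255) || last >= 256 ** (4 - nums.length)) return null;
  let value = last;
  nums.forEach((n, idx) => { value += n * 256 ** (3 - idx); });
  return [24, 16, 8, 0].map((shift) => Math.floor(value / 2 ** shift) % 256).join(".");
}

// Works on the raw URL text: a URL parser may already have normalized the
// host, which would hide the obfuscation this check is meant to report.
function inspectUrl(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/(?:[^@\/?#]*@)?([^:\/?#]*)/i.exec(url);
  if (!m) return null;
  const host = m[1];
  const ip = canonicalIPv4(host);
  let encoding = "name";
  if (ip !== null) {
    if (host === ip) encoding = "dotted-decimal";
    else if (/^[1-9][0-9]*$/.test(host)) encoding = "dword";
    else if (/(^|\.)0x/i.test(host)) encoding = "hexadecimal";
    else if (/(^|\.)0[0-7]/.test(host)) encoding = "octal";
    else encoding = "short-form";
  }
  // A warning shown to the user should display `ip`, not the raw `host`.
  return { host, ip, encoding, obfuscated: ip !== null && host !== ip };
}
```

Only IPv4 literals are handled; bracketed IPv6 hosts fall through as `name`.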

Hidden Attacks:

By making use of HTML, DHTML and other scriptable code that the customer's web browser interprets, an attacker can change the displayed information as required. In many cases attackers use these technologies to disguise fake content as coming from the real site.

The most common vectors which are included in this attack are:

• Hidden Frames

• Overriding Page Content

• Graphical Substitution

2.6.1 Observing Customer Data

Key-loggers and screen-grabbers are among the oldest methods used by hackers and have become popular among phishers. The information is collected through different methods, such as:

Continuous streaming of data using a sender/receiver pair, meaning that data is forwarded as soon as it is generated.

Access granted by the software to the client system, through which the attacker can get the client's information at any time. This can also be considered a backdoor.

To ensure support for local languages in internet software such as web browsers and e-mail clients, most software supports alternative encoding systems for data. These encoding systems tend to be supported mainly by web browsers. The techniques include escape encoding, Unicode encoding, inappropriate UTF-8 encoding and multiple encoding. Escape encoding is used where a URL needs special syntax handling; it is achieved by encoding the character as a series of three characters. Unicode encoding stores characters using multiple bytes by providing a unique reference number for every character, independent of language. UTF-8 is one of the most commonly used formats; it preserves the full US-ASCII character range.

2.6.2 Client-side Vulnerabilities

The sophisticated browsers that customers use to surf the web, just like any other commercial piece of software, are often vulnerable to a myriad of attacks. The more functionality is built into the browser, the more likely it is that there exists a vulnerability that could be exploited by an attacker to gain access to, or otherwise observe, private data of the customer.

A great deal of research has been done on anti-phishing approaches. Following it gives a full picture for accomplishing this research.

As per Rachna Dhamija, J. D. Tygar and Marti Hearst, to build any system to protect users from phishers, website designers should know which attacks will arise and why. They provided empirical evidence about which malicious strategies are successful.

Aaron Emigh has discussed some methods employed by online identity thieves and countermeasures that can prevent crimes like phishing attacks [2]. He has explained the ways in which attackers can easily accomplish their work.

Sujata Garera, Niels Provos, Monica Chew and Aviel D. Rubin have suggested that a logistic regression filter can efficiently detect and measure phishing attacks [3].

So, by following the methods and technologies suggested by the different authors working in this area, this project aims to be an efficient technology for preventing all address spoofing related phishing attacks.

Chapter 3: Online detection of phishing attacks

3.1 Online detection

Juan Chen and Chuanxiong Guo consider phishing to be a new type of network attack. In this attack, the attacker creates a replica of an existing website to fool users, by means of specially designed e-mails or instant messages, into submitting personal, financial or password data. In their paper, the authors propose a new end-host based anti-phishing algorithm, which they call LinkGuard, that utilizes the generic characteristics of the hyperlinks in phishing attacks. These characteristics are derived by analyzing the phishing data archive provided by the Anti-Phishing Working Group (APWG). Because it is based on the generic characteristics of phishing attacks, LinkGuard can detect not only known but also unknown phishing attacks. The authors implemented LinkGuard on Windows XP. Their experiments verified that LinkGuard is effective at detecting and preventing both known and unknown phishing attacks with minimal false negatives: it detected 195 out of the 203 phishing attacks. The experiments also showed that LinkGuard is lightweight and can detect and prevent phishing attacks in real time. Phishing has become one of the most serious network security problems, causing financial losses of billions of dollars to both consumers and e-commerce companies. Perhaps more fundamentally, phishing has made e-commerce distrusted and less attractive to normal consumers.

The authors began by studying the characteristics of the hyperlinks embedded in phishing e-mails, and then designed the anti-phishing algorithm LinkGuard based on the derived characteristics. The experiments showed that LinkGuard detects not only known phishing attacks but also unknown ones. The authors implemented LinkGuard on Windows XP, and their experiments showed that it is lightweight and can detect up to 96% of unknown phishing attacks in real time. The authors conclude that LinkGuard not only detects phishing attacks but also prevents known and unknown phishing attacks, and that it protects users from malicious or unsolicited links in web pages and instant messages. Their future work includes extending the LinkGuard algorithm so that it can handle cross-site scripting (CSS) attacks.

3.2 Technical trends in Phishing Attacks

According to Jason Milletary, the convenience of online commerce has been embraced by consumers and criminals alike. Phishing is the act of stealing personal information, mainly over the internet. The main motive behind phishing is financial fraud, which has become a significant criminal activity on the internet. In response, detection methods have been developed and are progressing rapidly, and end users as well as businesses are being educated about prevention methods. As prevention methods improve, however, the people conducting phishing and online financial fraud increase the diversity and technical sophistication of their attacks. The result is a negative economic impact through the financial losses experienced by end users and businesses, along with the undesirable effect of reducing end users' confidence in online commerce. Phishing scams have increased in recent years due to favourable economic and technological conditions.

The technical resources needed to carry out phishing attacks can be readily obtained through public and private sources. The document describes the technical capabilities used to conduct phishing scams, reviews the trends in these capabilities over the last two years, and discusses the currently deployed countermeasures.

3.3 Online identity of phishing attacks:

According to Aaron Emigh, phishing is online identity theft in which confidential information is obtained from an individual. It is distinguished from offline identity theft such as card skimming and "dumpster diving", and from large-scale data compromises in which information about many individuals is obtained at once. Phishing includes several different types of attack, as shown below:

Deceptive attacks: users are tricked by fraudulent messages into giving out information.

Malware attacks: malicious software causes data compromises.

DNS-based attacks: the lookup of host names is altered to send users to a fake server.

Phishing targets many kinds of confidential data, including birthdates, bank account numbers, credit card numbers, social security numbers, user names and passwords.

Direct phishing-related losses to banks in the US and credit card issuers were estimated at $1.2 billion in 2003. Indirect losses, which include customer service expenses and replacement costs, also play a major role. Both the frequency of phishing attacks and their sophistication are increasing significantly. The document examines the technologies used to detect phishing attacks and evaluates the technical countermeasures, both planned and commercially available.

[Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures]

3.4 Phishing attacks working nature

Rachna Dhamija, J. D. Tygar and Marti Hearst observe that, to build systems that protect users from fraudulent websites, designers need to know which attack strategies work and why. The authors provide the first empirical evidence about which malicious strategies are successful at deceiving general users. They first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. They then assessed these hypotheses in a usability study in which 22 participants were shown 20 web sites and asked to decide which ones were fraudulent. The authors found that 23% of the participants did not look at browser-based cues such as the address bar, the status bar and the security indicators, leading to wrong choices 40% of the time. They also found that some visual deception attacks can fool even the most sophisticated users. These results show that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed.

[Why Phishing Works]

3.5 Security and identification of phishing attacks

According to Amir Herzberg and Ahmad Jbara, in spite of the use of standard web security measures (SSL/TLS), users enter sensitive information such as passwords into fake websites. Such fake sites cause substantial damage to corporations and individuals. Their work identifies several vulnerabilities of browsers, focusing on security and identification indicators.

The authors present improved security and identification indicators, as implemented in TrustBar, a browser extension they developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites. If the user did not assign a name or logo, TrustBar identifies protected sites by the name or logo of the site and by the certificate authority (CA) who identified the site. The authors present usability experiments which compare TrustBar's indicators to the basic indicators available in most browsers (padlock, URL and https prefix), and some related secure-usability principles.

Chapter 4: Characteristics and Responsibilities of Phishing Attacks:

4.1 Characteristics involved in phishing attacks

According to Marianne Loock, Alta van der Merwe and Marek Dabrowski, phishing is a fraudulent activity defined as the creation of a replica of an existing web page to fool a user into submitting personal, financial or password data.

There are security service guidelines for both web security and software development environments. Developers use these guidelines when planning new systems to ensure a secure environment. The aim of the paper is twofold: first, to consider the characteristics of a phishing attack and derive a list of issues related to it; and second, to compare the nature of a phishing attack with the security service guidelines provided, and to pinpoint the weaknesses if these guidelines are adhered to.

[Characteristics and Responsibilities involved in a Phishing Attack]

4.2 Integrated approach for phishing attacks:

According to K. Saravanan, R. Suriya and Arunkumar Thangavelu, phishing is the process of luring unsuspecting internet users to a fake website by using authentic-looking e-mail and messages for fraudulent purposes. The most common way phishers lure victims is by mass e-mail created to look like an authentic message from a well-known company. Analysing phishing websites is a complicated and complex issue in which technical and social problems are intertwined, and to date there is no known single silver bullet that solves it entirely. To detect phishing websites and assess whether phishing activity is taking place, the authors propose a resilient and effective method that uses fuzzy logic to quantify and qualify all the phishing characteristics and factors of a website.

The approach examines the web page in three layers. The first layer, the Domain Name Checker, is based entirely on the characteristics of hyperlinks. The second layer, the Code Script Checker, looks for the tricks attackers play with JavaScript to hide information from the user and potentially launch sophisticated attacks. The third layer, the Page Content Checker, checks for a phishing site based on its sub-criteria. Finally, the web page is reported as a phishing suspect if any of the layer results is higher than its corresponding preset threshold.

[An Integrated Approach to Detect Phishing Mail Attacks: A Case Study]

4.3 Phishing attacks framework:

According to Niels Provos, Sujata Garera and Monica Chew, phishing is a form of identity theft that combines social engineering techniques and sophisticated attack vectors to harvest financial information from unsuspecting consumers. Often a phisher tries to lure the victim into clicking a URL pointing to a rogue page. The authors focus on studying the structure of the URLs employed in various phishing attacks. They find that it is often possible to tell whether or not a URL belongs to a phishing attack without requiring any knowledge of the corresponding page data. The authors describe several features that can be used to distinguish a phishing URL from a benign one. These features are used to model a logistic regression filter that is efficient and has high accuracy.

[A Framework for Detection and Measurement of Phishing Attacks]

4.4 Security indicators in phishing attacks:

According to Min Wu, Robert C. Miller and Simson L. Garfinkel, security toolbars show security-related information about a website to help users detect phishing attacks in a web browser. Because toolbars are designed for people to use, they should be evaluated for usability, that is, whether they really prevent users from being tricked into providing personal data. The authors conducted 2 user studies of 3 security toolbars and other browser security indicators and found them all ineffective at preventing phishing attacks. Even though subjects were asked to pay attention to the toolbar, many failed to look at it; others disregarded or explained away the toolbars' warnings if the content of the web pages looked legitimate. The authors found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be.

4.5 Protection against phishing attacks

According to Christopher Kruegel and Engin Kirda, "phishing" is a form of online identity theft whose purpose is to steal sensitive data such as online banking passwords and credit card information from users. Because such attacks have been escalating in number and sophistication, phishing scams have been receiving extensive press coverage. According to a study by Gartner, 57 million US Internet users have detected receipt of email linked to phishing scams, and about 2 million of them are estimated to have been tricked into giving away sensitive data. The paper reports a novel browser extension, AntiPhish, that aims to protect users against spoofed web site-based phishing attacks. AntiPhish tracks the sensitive data of a user and generates warnings whenever the user attempts to give away this information to a web site that is considered untrusted. [Protecting Users Against Phishing Attacks]

4.6 Phishing emails

Ian Fette, Norman Sadeh and Anthony Tomasic concluded that there is an increasing number of emails that purport to be from a trusted entity and attempt to defraud users into providing identity information or account numbers, generally called phishing emails. Traditional spam filters are not adequately detecting these undesirable emails, and this causes problems for both consumers and businesses wishing to do business online.

This is a challenging problem from a learning perspective. At first glance the problem appears to be a simple text classification problem, but the classification is confounded by the fact that the class of "phishing" emails is nearly identical to the class of real emails. The authors propose a new method for finding those fake emails, called 'PILFER'. By incorporating features particularly designed to highlight the deceptive methods used to fool users, the authors are able to accurately classify over 92% of phishing emails while maintaining a false positive rate on the order of 0.1%. Those results are obtained on a dataset of approximately 860 phishing emails and 6950 non-phishing emails. The accuracy of PILFER on this dataset is significantly better than that of SpamAssassin, a widely-used spam filter.

Phishing, the act of harvesting bank, personal and credit data by way of fake email and fake web sites, has exploded in popularity within the criminal sector of the Internet. Month after month, the Anti-Phishing Working Group estimates that the volume of phishing e-mail is growing at a rate of over 30%. Furthermore, attacks are becoming more sophisticated as attackers leverage vulnerabilities in client software as well as design vulnerabilities in targeted web applications.

This paper is not intended to be an article on the entire area of phishing, but instead focuses on one such advanced attack, collected in the wild on November 29, 2004. In this case the attacker employs over a dozen individual tactics to convince his victims to reveal sensitive bank account information. Some are more advanced, while a number of the elements of this attack are common to virtually all phishing scams and are expected to become popular in the near future.

The following scenario details an attacker who leverages a Cross Site Scripting (XSS) vulnerability in an e-banking web application to gain the social trust of the victim as well as the technical trust of IE (Internet Explorer).

4.7 IDN address spoofing

Viktor Krammer has reviewed IDN-based address spoofing attacks and found the following. In phishing scams, address spoofing is a general trick used to confuse unsuspecting users about a Web site's real origin. With the introduction of Unicode characters into domain names, called Internationalized Domain Names (IDN), the risk has essentially increased even for the most cautious users. The author explores different types of address spoofing attacks, focusing on IDN, and presents a novel client-side Web browser plugin, Quero, which implements several techniques, including highlighting, to protect the user against visually indistinguishable address manipulations.
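The kind of check such a client-side defence can make is illustrated below as an added example; it is not Quero's code. It decodes Punycode labels, flags labels that mix scripts, and makes every non-ASCII character visible. Taking the script from the first word of the Unicode character name, the Japanese allowance, and the `.example` hosts are assumptions of this sketch.

```python
import unicodedata

# Scripts that legitimately co-occur in one label (Japanese); a simplification.
COMPATIBLE = {frozenset({"CJK", "HIRAGANA", "KATAKANA"})}

def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode 'xn--' labels decoded)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: leave the label as typed
    return label

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}

def highlight(label):
    """Render every non-ASCII character as a visible [U+XXXX] marker."""
    return "".join(ch if ord(ch) < 128 else f"[U+{ord(ch):04X}]" for ch in label)

def inspect_host(host):
    """Per-label report: scripts found, mixed-script flag, highlighted form."""
    report = []
    for raw in host.rstrip(".").split("."):
        label = decode_label(raw)
        found = scripts(label)
        mixed = len(found) > 1 and not any(found <= ok for ok in COMPATIBLE)
        report.append({"label": raw, "scripts": sorted(found), "mixed": mixed,
                       "non_ascii": not label.isascii(),
                       "shown": highlight(label)})
    return report

def is_suspicious(host):
    """True when any label of the host mixes incompatible scripts."""
    return any(r["mixed"] for r in inspect_host(host))

# Constructed samples: Cyrillic U+0430 stands in for the Latin "a" in SPOOFED.
SPOOFED = "\u0430pple.example"
PLAIN = "apple.example"
ACE = "xn--" + "\u0430pple".encode("punycode").decode("ascii") + ".example"

if __name__ == "__main__":
    for h in (SPOOFED, ACE, PLAIN):
        print(is_suspicious(h), [r["shown"] for r in inspect_host(h)])
```

A label written entirely in one non-Latin script is not flagged as mixed; the `non_ascii` field and the highlighted form still expose it to the user.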

4.8 Prediction of blacklisting attacks

According to Manish Kumar, Pawan Prakash, Ramana Rao Kompella and Minaxi Gupta, "phishing" is an effective and easy way for trickery and deception on the Internet. While solutions such as URL blacklisting have been effective to some degree, their reliance on an exact match with the blacklisted entries makes them easy for attackers to evade. The authors start with the observation that attackers often employ simple modifications to URLs. Their system, PhishNet, exploits this observation using 2 components. In the 1st component, the authors propose 5 heuristics to enumerate simple combinations of known "phishing" sites to find new phishing URLs. The 2nd component consists of an approximate matching algorithm that dissects a URL into multiple components that are matched individually against entries in the blacklist. In their evaluation with real-time blacklist feeds, the authors detected around 18,000 new phishing URLs from a set of 6,000 new blacklist entries. The authors also show that the approximate matching algorithm leads to very few false positives.
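The difference between exact and component-wise blacklist matching can be seen in the following added example, which is a simplified sketch and not PhishNet's algorithm. The choice of components (host, directory, file name, query keys), the equal weighting, and all URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def components(url):
    """Dissect a URL into parts that are matched independently."""
    u = urlsplit(url)
    head, _, tail = u.path.rpartition("/")
    directory = head + "/" if head else ""   # a bare "/" is too common to count
    keys = frozenset(k for k, _ in parse_qsl(u.query, keep_blank_values=True))
    return {"host": (u.hostname or "").lower(), "directory": directory,
            "file": tail, "params": keys}

def build_index(blacklist):
    """Collect every component value seen in any blacklisted URL."""
    index = {"host": set(), "directory": set(), "file": set(), "params": set()}
    for url in blacklist:
        for name, value in components(url).items():
            if value:
                index[name].add(value)
    return index

def score(url, index):
    """Fraction of the URL's non-empty components found in the blacklist."""
    parts = {k: v for k, v in components(url).items() if v}
    if not parts:
        return 0.0, []
    hits = [k for k, v in parts.items() if v in index[k]]
    return len(hits) / len(parts), hits

# Constructed blacklist and test URLs (reserved .example names and TEST-NET IP).
BLACKLIST = [
    "http://login.bank-secure.example/update/account/verify.php?session=1&id=2",
    "http://203.0.113.7/~user/signin/confirm.php?cmd=login",
]
VARIANT = "http://login2.bank-secure.example/update/account/verify.php?session=9&id=7"
BENIGN = "http://news.example/index.html"

if __name__ == "__main__":
    idx = build_index(BLACKLIST)
    for candidate in (VARIANT, BENIGN):
        print(candidate in BLACKLIST, score(candidate, idx))
```

The variant differs from the first blacklist entry only in its host name and parameter values, so an exact lookup misses it while three of its four components still match.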

Targeted attacks, referred to as spear phishing, are increasingly exploiting military and government themes in order to compromise defense contractors in the United States.

[1] In 2009, the Washington Post reported that unknown attackers were able to break into a defense contractor and steal documents pertaining to the Joint Strike Fighter being developed by Lockheed Martin Corp.

[2] Google was compromised in January 2010 along with other hi-tech companies and defense contractors.

[3] The problem is becoming increasingly severe.

[4] In fact, the Department of Defense recently released a memo with plans to protect unclassified information passing through the networks of various contractors.

According to the Binational Working Group on Cross-Border Mass Marketing Fraud, phishing refers to luring techniques used by identity thieves to fish for personal data in a pond of unsuspecting Internet users. It is a general term for the creation and use by criminals of emails and websites that have been designed to look like they come from legitimate, well-known and trusted businesses, government agencies and financial institutions. Those criminals deceive Internet users into disclosing their financial and bank information or other personal information such as passwords and usernames. Phishing continues to be one of the fastest growing classes of identity theft scams on the web, one that causes both short-term losses and long-term economic damage. Over 20,000 individual phishing complaints were reported in May 2006, representing an increase of over 34% from the previous year. Recent data suggests that criminals are able to convince up to 5% of recipients to respond to their e-mails, resulting in an increasing number of consumers who have suffered credit card fraud, identity fraud and financial loss. Estimated losses from phishing attacks are now in the billions of dollars worldwide, and those losses are growing.