Phishfort – Anti-Phishing Framework

Phishing attack is one of the most common form of attack used to get unauthorized access to users’ credentials or any other sensitive information. It is classified under social engineering attack, which means it is not a technical vulnerability. The attacker exploits the human nature to make mistake by fooling the user to think that a given web page is genuine and submitting confidential data into an embedded form, which is harvested by the attacker. A phishing page is often an exact replica of the legitimate page, the only noticeable difference is the URL. Normal users do not pay close attention to the URL every time, hence they are exploited by the attacker. This paper suggests a login framework which can be used independently or along with a browser extension which will act as a line of defense against such phishing attacks. The semi-automated login mechanism suggested in this paper eliminates the need for the user to be alert at all time, and it also provides a personalized login screen so that the user can to distinguish between a genuine and fake login page quite easily.

Download Full-text

PHISHING: AN EVOLVING THREAT

International Journal of Students Research in Technology & Management ◽

10.18510/ijsrtm.2015.312 ◽

2015 ◽

Vol 3 (1) ◽

pp. 216-222

Author(s):

Keyur Shah

Keyword(s):

Success Rate ◽

Large Scale ◽

Large Population ◽

Social Engineering ◽

Text Messages ◽

Sensitive Information ◽

Phishing Attacks ◽

Internet Users ◽

Confidential Data ◽

E Mail

Phishing is one of the most common attacks used to extract sensitive information for malicious use. It is one of the easiest ways to extract confidential data on a large-scale. A fraudulent website/e-mail which looks very similar to the original is setup to trap the victim to give away confidential information. A large population of internet users still lacks knowledge to avoid phishing. When the phishing attacks are complimented with social engineering skills, the success rate is increased. Along with the progress of technology, phishing techniques have evolved encroaching upon newer communication mediums like voice and text messages giving rise to newer specialized forms of Phishing called - Vishing and SMSishing. In this paper, we also cover how to avoid being a victim of these attacks. One of the best promising methods to avoid Phishing is Zero Knowledge Authentication -ZeKo which immunes the user from phishing attacks.

Download Full-text

Interaction of Personality and Persuasion Tactics in Email Phishing Attacks

Proceedings of the Human Factors and Ergonomics Society Annual Meeting ◽

10.1177/1541931213601815 ◽

2017 ◽

Vol 61 (1) ◽

pp. 1331-1333 ◽

Cited By ~ 3

Author(s):

Patrick Lawson ◽

Olga Zielinska ◽

Carl Pearson ◽

Christopher B. Mayhorn

Keyword(s):

Social Engineering ◽

Personality Inventory ◽

Identification Accuracy ◽

Third Party ◽

Sensitive Information ◽

Identification Task ◽

Engineering Research ◽

Phishing Attacks ◽

Multiple Interactions ◽

Increased Susceptibility

Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research has shown an interaction between personality and the persuasion principle used. This study was conducted to investigate whether this interaction is present in the realm of email phishing. To investigate this, we used a personality inventory and an email identification task (phishing or legitimate). The emails used in the identification task utilize four of Cialdini’s persuasion principles. Our data confirms previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. In addition, we identify multiple interactions between personality and specific persuasion principles. We also report the overarching efficacy of various persuasion principles on phishing email identification accuracy.

Download Full-text

A Mobile Anti-Phishing System Using Linkguard Algorithm

FUOYE Journal of Engineering and Technology ◽

10.46792/fuoyejet.v6i3.666 ◽

2021 ◽

Vol 6 (3) ◽

Author(s):

Elizabeth A Amusan ◽

Oluyinka T Adedeji ◽

Oluwaseun Alade ◽

Funmilola A Ajala ◽

Kayode O Ibidapo

Keyword(s):

Mobile Devices ◽

Private Information ◽

Crucial Role ◽

Social Engineering ◽

Cyber Attack ◽

Web Page ◽

Bank Account ◽

Phishing Attacks ◽

Technological Skills

Phishing is a type of cyber-attack where the attacker deploys a combination of social engineering and technological skills to trick users into revealing private information like bank account details, usernames and passwords by creating an imitation of an existing web page. This research developed an Android-based anti-phishing system leveraging on the ubiquity of mobile devices and their increasing applications for business and personal purposes. The system was developed by implementing an end-host based algorithm called the Linkguard algorithm which is effective in detecting and preventing both known and unknown phishing attacks. A total of over 500 links which was a blend of both phishing and non-phishing links were collected from Phishtank and Alexa to validate the proposed system which achieved an accuracy of 96%. It is recommended that concerted efforts should be geared towards continuously sensitizing users to improve their phishing awareness as this cybercrime keeps evolving and users play a very crucial role in mitigating it. Keywords— android, cybercrime, Linkguard algorithm, mobile, phishing

Download Full-text

Detecting Forged E-Mail using Data Mining Techniques

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.a1169.109119 ◽

2019 ◽

Vol 9 (1) ◽

pp. 4017-4023

Keyword(s):

Research Work ◽

Personal Communication ◽

Sensitive Information ◽

Business Organizations ◽

Phishing Attacks ◽

Confidential Data ◽

Alternative Means ◽

Using Data ◽

Modern Era ◽

E Mail

In the modern era of computers E-mails is becoming a very important mode of communication for industry, people, and organizations and for the society as a whole. Especially in corporate sectors and business organizations, Emails are widely used for business and personal communication. The feature of E-mails is that, it creates quick, reliable type of communication that's all free and simply accessible. In spite of so many alternative means of communication such as messages, social networks like WhatsApp, Twitter, and mobile applications, the uses of E-mails continuously growing exponentially. But due to its popularity there are continuously threats and attacks are carried out over E-mails for various gain. The foremost popular attack over the web is phishing mails. Phishers utilize E-mail services quite expeditiously in spite of different detection and hindrance techniques already in situ. Most of the present day phishing attacks use E-mail as the primary carrier. Phishers conceive to fraudulently acquire sensitive information, like usernames, passwords and master card details, by masquerading as a trustworthy entity in transmission. Even though there are a lot of existing techniques offered to notice phishing attacks, every one of them have their own limitations. This research aims to identify the phishing E-mails using classification techniques with a better accuracy. The technique proposed in this research work to classify forged E-mails from the Genuine E-mails and also examines the effectiveness of detection of common user’s phishing E-mails. It provides a great help to the common man by proper detection of phishing attacks and protecting their confidential data.

Download Full-text

Communicatio Idiomatum

10.1093/oso/9780198846970.001.0001 ◽

2019 ◽

Cited By ~ 1

Author(s):

Richard Cross

Keyword(s):

Sixteenth Century ◽

Human Nature ◽

Close Attention ◽

Divine Attributes ◽

Son Of God ◽

Comprehensive Account ◽

Highly Sensitive ◽

The Reformation ◽

Communicatio Idiomatum

This book offers a radical reinterpretation of the sixteenth-century Christological debates between Lutheran and Reformed theologians on the ascription of divine and human predicates to the person of the incarnate Son of God (the communicatio idiomatum). It does so by close attention to the arguments deployed by the protagonists in the discussion, and to the theologians’ metaphysical and semantic assumptions, explicit and implicit. It traces the central contours of the Christological debates, from the discussion between Luther and Zwingli in the 1520s to the Colloquy of Montbéliard in 1586. The book shows that Luther’s Christology is thoroughly Medieval, and that innovations usually associated with Luther—in particular, that Christ’s human nature comes to share in divine attributes—should be ascribed instead to his younger contemporary Johannes Brenz. The discussion is highly sensitive to the differences between the various Luther groups—followers of Brenz, and the different factions aligned in varying ways with Melanchthon—and to the differences between all of these and the Reformed theologians. And by locating the Christological discussions in their immediate Medieval background, the book also provides a comprehensive account of the continuities and discontinuities between the two eras. In these ways, it is shown that the standard interpretations of the Reformation debates on the matter are almost wholly mistaken.

Download Full-text

Semi-Automatic Online Tagging with K-Medoid Clustering

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194014400075 ◽

2014 ◽

Vol 24 (08) ◽

pp. 1115-1130 ◽

Cited By ~ 1

Author(s):

He Hu ◽

Xiaoyong Du

Keyword(s):

Clustering Algorithm ◽

Prototype System ◽

Web Pages ◽

Web Page ◽

Web Browser ◽

User Input ◽

Browser Extension ◽

Annotation Process ◽

Efficiency And Effectiveness ◽

Automatic Mechanism

Online tagging is crucial for the acquisition and organization of web knowledge. We present TYG (Tag-as-You-Go) in this paper, a web browser extension for online tagging of personal knowledge on standard web pages. We investigate an approach to combine a K-Medoid-style clustering algorithm with the user input to achieve semi-automatic web page annotation. The annotation process supports user-defined tagging schema and comprises an automatic mechanism that is built upon clustering techniques, which can automatically group similar HTML DOM nodes into clusters corresponding to the user specification. TYG is a prototype system illustrating the proposed approach. Experiments with TYG show that our approach can achieve both efficiency and effectiveness in real world annotation scenarios.

Download Full-text

CONSIDERATIONS OF CRIMINAL LAW AND FORENSIC SCIENCE REGARDING THE ILLEGAL ACCESS TO A COMPUTER SYSTEM

Agora International Journal of Juridical Sciences ◽

10.15837/aijjs.v11i2.3160 ◽

2018 ◽

Vol 11 (2) ◽

pp. 49-57

Author(s):

Adrian Cristian MOISE

Keyword(s):

Computer System ◽

Criminal Law ◽

Personal Information ◽

Social Engineering ◽

Criminal Code ◽

Criminal Offence ◽

Web Page ◽

Council Of Europe ◽

Visual Identity ◽

The Social

Starting from the provisions of Article 2 of the Council of Europe Convention on Cybercrime and from the provisions of Article 3 of Directive 2013/40/EU on attacks against information systems, the present study analyses how these provisions have been transposed into the text of Article 360 of the Romanian Criminal Code. Illegal access to a computer system is a criminal offence that aims to affect the patrimony of individuals or legal entities.The illegal access to computer systems is accomplished with the help of the social engineering techniques, the best known technique of this kind is the use of phishing threats. Typically, phishing attacks will lead the recipient to a Web page designed to simulate the visual identity of a target organization, and to gather personal information about the user, the victim having knowledge of the attack.

Download Full-text

The Human Beast

Claude Chabrol's Aesthetics of Opacity ◽

10.3366/edinburgh/9780748692606.003.0004 ◽

2018 ◽

Author(s):

Catherine Dousteyssier-Khoze

Keyword(s):

Human Nature ◽

Case Studies ◽

Serial Killer ◽

Film Analysis ◽

Close Attention ◽

And Gender

This chapter examines Chabrol’s fascination with ‘human beasts’ or ‘monsters’ through the following (overlapping) motifs: the serial killer, the automaton and the female killer. Through detailed film analysis and close attention to techniques, it shows how Chabrol uses these figures to rethink the boundaries and concepts of normality. Although he often provides a detailed social and ideological framework within which to problematize the human beast, class and gender are misleading keys and causality is ultimately blurred to the point of opacity. The closer one gets to the monster (sometimes literally, through the use of close-up shots), the less one understands it. Case studies of the following films illuminate how Chabrol explores film grammar to convey the complexities of human nature and the fragmented, opaque nature of evil: Le Boucher; Landru; Les Fantômes du chapelier; Violette Nozière; La Demoiselle d’honneur; Blood Relatives.

Download Full-text

Study and Survey on Blockchain Privacy and Security Issues

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch007 ◽

2021 ◽

pp. 169-191

Author(s):

Sourav Banerjee ◽

Debashis Das ◽

Manju Biswas ◽

Utpal Biswas

Keyword(s):

Data Storage ◽

Security And Privacy ◽

Sensitive Information ◽

Privacy And Security ◽

Unauthorized Access ◽

Security Issues ◽

Blockchain Technology ◽

Targeted Attacks ◽

Wide Range ◽

Financial Transactions

Blockchain-based technology is becoming increasingly popular and is now used to solve a wide range of tasks. And it's not all about cryptocurrencies. Even though it's based on secure technology, a blockchain needs protection as well. The risks of exploits, targeted attacks, or unauthorized access can be mitigated by the instant incident response and system recovery. Blockchain technology relies on a ledger to keep track of all financial transactions. Ordinarily, this kind of master ledger would be a glaring point of vulnerability. Another tenet of security is the chain itself. Configuration flaws, as well as insecure data storage and transfers, may cause leaks of sensitive information. This is even more dangerous when there are centralized components within the platform. In this chapter, the authors will demonstrate where the disadvantages of security and privacy in blockchain are currently and discuss how blockchain technology can improve these disadvantages and outlines the requirements for future solution.

Download Full-text