Phishing is a variant of the term ‘fishing’, in which an attacker sets bait so that the potential
victim clicks on a malicious link or an attachment, allowing the attacker to acquire sensitive
information such as usernames, passwords and financial details like credit card numbers.
Phishing has become the most common channel through which thieves acquire personal
information to aid them in identity theft (Brody et al., 2007; and Anderson et al.,
2008). There are many phishing techniques, ranging from code-based key-loggers
(Goring et al., 2007), Domain Name System (DNS) poisoning and search engine phishing
to mass e-mailing (Forte, 2009). Parno et al. (2006) concluded that phishing is a
significant and growing problem which threatens to impose increasing monetary losses
on businesses and to shatter consumer confidence in e-commerce. Chou et al. (2004)
highlighted that criminals are becoming more active and their attacks more
sophisticated, making user-based protection mechanisms fragile given the user
population of non-experts. The most common phishing attack is sending a
well-crafted e-mail to the victims and asking for private and sensitive information.
Nowadays, phishing attacks include the use of spoofed Short Messaging Service (SMS)
messages to make the e-mail look more trustworthy and appealing. The number of phishing
attacks has been increasing rapidly because they are so easy to implement: one just needs
an Internet connection for the attack. There is therefore an urgent need for a complete and
easy-to-implement solution for the prevention of such attacks. Karlof et al. (2007) stated that
these attacks are particularly devious because the browser’s URL bar will display the
domain name of the legitimate site, potentially fooling even the most meticulous
users.