Today’s phishing attacks are the combination of social engineering and technical exploits designed to convince a victim to provide personal information. The attacks are designed in a way to fool even a modern technical user who has a complete understanding of the Internet and phishing. The attacker even send spoofed message to complement the spoofed phishing mail they have sent to make the e-mail even convincing. We have done everything from SSL to installing toolbar and Add-on to counter them, but we still could not overpower the attackers. Human being, the weakest chain in all of this, falls as a prey in the attacker’s hand. To mitigate this widespread problem of phishing on the Internet, almost all modern-day browsers provide security indicators. A lot have been done to identify it, but still it remains an imminent threat on the Internet. In this paper, I have introduced a new project ‘SECLAYER’ to stop phishing attacks. This Add-on can detect malicious website with 100% success, if the attacker does not have physical access to the system. This Add-on interacts with its hosted companion to maintain a list of websites to prevent phishing on.

Phishing is a variant of the term ‘fishing’, in which an attacker sets bait for the potential victim to grab or click on a malicious link or an attachment to acquire sensitive information like usernames, passwords and financial keys like credit card number, etc. Phishing has become the most common channel for thieves for acquiring personal information to aid them in identity theft (Brody et al., 2007; and Anderson et al., 2008). There are many techniques for phishing ranging from code-based key-loggers (Goring et al., 2007), Domain Name System (DNS) poisoning, search engine phishing to mass e-mailing (Forte, 2009). Parno et al. (2006) concluded that phishing is a significant and growing problem which threatens to impose increasing monetary losses on businesses and to shatter consumer confidence in e-commerce. Chou et al. (2004) highlighted that criminals become more active and their attacks become more sophisticated, making user-based protection mechanisms fragile given the user population of non-experts. The most common phishing attack is the same sending a well-crafted e-mail to the victims and asking for the private and sensitive information. Nowadays, phishing attacks include the use of spoofed Short Messaging Service (SMS) to make the e-mail look more trustworthy and appealing. The number of phishing has been increasing so rapidly due to the ease in implementing the same. One just needs an Internet connection for the attack. So the need for a complete and easy to implement solution is urgency for the prevention of such attacks. Karlof et al. (2007) stated that these attacks are particularly devious because the browser’s URL bar will display the domain name of the legitimate site and potentially fooling even the most meticulous users.

Information Technology Journal, Phishing, Anti-phishing, Phishing-Plugin, Internet Security, Seclayer.