DOCSLIB.ORG

(12) Patent Application Publication (10) Pub. No.: US 2015/0067853 A1 Amrutkar Et Al

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

US 20150.067853A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2015/0067853 A1 Amrutkar et al. (43) Pub. Date: Mar. 5, 2015 (54) SYSTEMIS AND METHODS FOR DETECTING Publication Classification MALICOUS MOBILE WEBPAGES (51) Int. Cl. (71) Applicant: Georgia Tech Research Corporation, H04L 29/06 (2006.01) Atlanta, GA (US) (52) U.S. Cl. CPC ...................................... H04L 63/14 (2013.01) (72) Inventors: Chaitrali Amrutkar, Atlanta, GA (US); USPC ............................................................ 726/23 Patrick Gerard Traynor, Atlanta, GA (US); Young Seuk Kim, Atlanta, GA (57) ABSTRACT (US) The disclosed technology includes techniques for identifying (73) Assignee: Georgia Tech Research Corporation, malicious mobile electronic documents, e.g., webpages or Atlanta, GA (US) emails, based on static document features. The static features may include mobile-specific features, such as mobile web (21) Appl. No.: 14/218,760 API calls, hosted mobile-specific binaries, noscript content, or misleading URL tokens visible on a mobile-specific inter (22) Filed: Mar 18, 2014 face. The static features may instead or also include various JavaScript (JS) features, HTML features, and URL features Related U.S. Application Data detected in numbers outside ranges expected for desktop (60) Provisional application No. 61/870,372, filed on Aug. electronic documents. These features may be used with 27, 2013, provisional application No. 61/884,460, machine learning techniques to classify benign and malicious filed on Sep. 30, 2013. documents in real time. 800 WARNING kAY} has hocked access to fittp://inobile paypai, coni.guti initiinii, coni.ar/ his page is suspicious and 240 possibly maicious, Weakygii. 33: {e costisse assway38 {{{2:33eisiisk. Patent Application Publication Mar. 5, 2015 Sheet 1 of 11 US 201S/OO67853 A1 ZET08T ZZI I (,) ZOI Patent Application Publication Mar. 5, 2015 Sheet 2 of 11 US 201S/OO67853 A1 FIG. 2 270 280 275 2OO Patent Application Publication Mar. 5, 2015 Sheet 3 of 11 US 201S/OO67853 A1 | i 83ixi:38.88: 83:38. 3 &: 8. : 88: w's 8 8 t : :8 :Y: -- 8s cs. 8.9co (D : () : L s: x: 83 x Patent Application Publication Mar. 5, 2015 Sheet 4 of 11 US 201S/OO67853 A1 s s s Spe wa ne wa N w y N s N w w Sin IOI Saisedgaw aqout Jo it Patent Application Publication Mar. 5, 2015 Sheet 5 of 11 US 201S/OO67853 A1 5 l 8.^: wit: & er Patent Application Publication Mar. 5, 2015 Sheet 6 of 11 US 201S/OO67853 A1 s Patent Application Publication Mar. 5, 2015 Sheet 7 of 11 US 201S/OO67853 A1 (O,OI it o iss: to: ...it ties: : Patent Application Publication Mar. 5, 2015 Sheet 8 of 11 US 201S/OO67853 A1 WARNING 820 kAYO has blocked access to http://mobile paypal.com.gua intunit.com, ary This page is Suspicious and 240 possibly malicious. wic:3sixty:::::::: x} xxxii.338 3xy ways 830 Patent Application Publication Mar. 5, 2015 Sheet 9 of 11 US 201S/OO67853 A1 6"SDI | 8906 Patent Application Publication Mar. 5, 2015 Sheet 10 of 11 US 201S/OO67853 A1 FIG. 10 START 002 Receiving a request to evaluate an electronic document, the request including location information associated with the electronic document 004 Responsive to receiving the request, determining an electronic document accessed based on the received location information 006 Responsive to determining the accessed electronic document, extracting one or more static mobile-specific features from the accessed electronic document, the static mobile-specific features including an indication of at least one of mobile-specific application programming interface (API) calls and mobile-Specific files hosted at a domain associated with the accessed electronic document 008 Determining, by a processor and based on the extracted static mobile Specific features, a likelihood of the accessed electronic document being malicious END 000 Patent Application Publication Mar. 5, 2015 Sheet 11 of 11 US 201S/OO67853 A1 START F.G. 11 1 102 Receiving, from a client computer, a request to evaluate a webpage, the request including URL and browser information 04 Responsive to receiving the request, determining a webpage accessed based on the received URL and browser information; Responsive to determining that the accessed webpage is a mobile webpage, extracting one or more static mobile-specific features from the accessed webpage, the static mobile-specific features including an indication of at least one of misleading words located within a predetermined number of characters of a beginning of the URL and an indication of noscript content associated with the webpage 08 Determining, by the processor and based on the extracted static mobile specific features, a likelihood of the accessed webpage being malicious Sending, to the client computer, an indication of the likelihood of the accessed webpage being malicious END US 2015/OO67853 A1 Mar. 5, 2015 SYSTEMS AND METHODS FOR DETECTING based on the received location information. The method may MALICOUS MOBILE WEBPAGES yet further include, responsive to determining the accessed electronic document, extracting one or more static mobile CROSS-REFERENCE TO RELATED specific features from the accessed electronic document. The APPLICATIONS static mobile-specific features may include an indication of at 0001. This application claims priority to, and the benefit least one of mobile-specific application programming inter under 35 U.S.C. S 119(e), of U.S. Provisional Patent Applica face (API) calls and mobile-specific files hosted at a domain tion No. 61/870,372, filed 27 Aug. 2013, and U.S. Provisional associated with the accessed electronic document. The Patent Application No. 61/884,460, filed 30 Sep. 2013, the method may also include determining, by a processor and entire contents and Substance of which are hereby incorpo based on the extracted static mobile-specific features, a like rated by reference as if fully set forth below. lihood of the accessed electronic document being malicious. 0007 According to another example embodiment, a com BACKGROUND puter program product is provided. The computer program 0002 Mobile devices such as smartphones and tablets are product may include a computer-readable medium. The com increasingly being used to access the web. However, in spite puter-readable medium may store instructions that, when of significant advances in mobile processing power and band executed by at least one processor of a system, causes the width, the browsing experience on mobile devices differs system to perform a method. The method may include receiv considerably from the browsing experience on personal com ing, from a client computer, a request to evaluate a webpage. puters. These differences may largely be attributed to varia The request may include URL and browser information. The tions in form factor. In particular, the portrait orientation and method may further include, responsive to receiving the dramatic reduction of screen size affect the content, function request, determining a webpage accessed based on the ality, and layout of mobile webpages. received URL and browser information. The method may yet 0003 Static webpage features such as the frequency of further include, responsive to determining that the accessed iframes or the number of redirections have previously been webpage is a mobile webpage, extracting one or more static assumed strong indicators of malicious intent when assessing mobile-specific features from the accessed webpage. The desktop webpages. However, due to the significant changes static mobile-specific features may include an indication of at made to accommodate mobile devices, such assumptions least one of misleading words located within a predetermined may not carry over to mobile-specific webpages. For number of characters of a beginning of the URL and an example, whereas requiring multiple directions might be indication of noscript content associated with the webpage. flagged as Suspicious in the desktop setting, many popular The method may also include determining based on the benign mobile websites require multiple redirections before extracted static mobile-specific features, a likelihood of the arriving at a content page. Conventional static analysis tech accessed webpage being malicious. Moreover, the method niques also fail to consider mobile-specific webpage ele may include sending, to the client computer, an indication of ments, such as calls to mobile APIs. the likelihood of the accessed webpage being malicious. 0004 Moreover, many mobile-specific URLs return 0008 According to another example embodiment, a sys empty pages when rendered in a desktop browser. Thus, con tem is provided. The system may include at least one memory ventional dynamic analysis techniques that preview operatively coupled to at least one processor and configured webpages in Sandboxed desktop browsers are similarly inef for storing data and instructions. The data and instructions, fective for mobile-specific webpages. Even signature-based when executed by at least one processor, may cause the sys tools, such as Google Safe Browsing, currently only work tem to receive, from a web browser, a request for a webpage. with desktop browsers. The request may include URL information. The data and instructions may further cause the system to, responsive to SUMMARY receiving the request, determine that a webpage accessed 0005 New tools and techniques are necessary to identify based on the URL information is a mobile webpage. The data malicious pages in the mobile web. Some or all of the above and instructions may yet further
Recommended publications
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
  • Hacker 6-22-2020 Four Credential Scamming “Paypal” Emails Reported

    Hacker 6-22-2020 Four Credential Scamming “Paypal” Emails Reported

    Hacker 6-22-2020 Four Credential Scamming “PayPal” Emails Reported: Two Wyoming citizens reported four credential scamming emails claiming to be from PayPal asking you to log-in and confirm information about your PayPal account. None of the links actually forwarded to PayPal. The first one had a subject line of Reminder: [Action Required] Someone just signed in using your account to make an unexpected payment. - Identity Ticket: [#90144094]. The sender was from "serviс[email protected]ρaI.сom" [email protected]. This email claims that your access has been limited and asks you to verify your PayPal information but the link is not to PayPal and instead is to http://trk.klclick3.com/// with a long string of letters. The second email’s subject line was Reminder : [Daily Report Alert] Statement update login with Google Chrome From Guinea on 19 June, 2020. The email stated that “You are in violation of PayPal’s Acceptable Use Policy,” was from the email address of "[email protected]" [email protected]. The third email’s subject line was Your account has been suspended (Ref - 09189042696) and the sender’s email address was [email protected] <m6utz07crsj2fo9- [email protected] and it claimed to find suspicious activity on your credit card and you should log-in to confirm. The final email’s subject line was [New access detected] [Statements Update] [Daily Report] Statement Update New Login: Monday, June 15, 2020 from "[email protected]" [email protected] and it also claimed that you were in violation of PayPal’s Acceptable Use Policy.
  • Development and Evaluation of a Secure Web Gateway with Messaging Functionality

    Development and Evaluation of a Secure Web Gateway with Messaging Functionality

    DEVELOPMENT AND EVALUATION OF A SECURE WEB GATEWAY WITH MESSAGING FUNCTIONALITY Utilizing Existing ICAP and Open-source Tools To Notify And Protect End Users from Internet Security Threats. A thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Computer Science at the University of Canterbury by Michael Bruce Pearce University of Canterbury Department of Computer Science and Software Engineering 2010 Abstract Secure web gateways aim to protect end user systems against web based threats. Many proprietary commercial systems exist. However, their mechanisms of operation are not generally publicly known. This project undertook development and evaluation of an open source and standards based secure web gateway. The proof of concept system developed uses a combination of open source software (including the Greasyspoon ICAP Server, Squid HTTP proxy, and Clam Antivirus) and Java modules installed on the ICAP server to perform various security tasks that range from simple (such as passive content insertion) to more advanced (such as active content alteration). The makeup of the proof of concept system and the evaluation methodology for both effec- tiveness and performance are discussed. The effectiveness was tested using comparative analysis of groups of self-browsing high interaction client honey pots (employing a variety of security measures) and recording different system alteration rates. Performance was tested across a wide range of variables to determine the failure conditions and optimal set up for the components used. The system developed met the majority of the goals set, and results from testing indicate that there was an improvement in infection rates over unprotected systems.
  • Why Phishing Works Rachna Dhamija J

    Why Phishing Works Rachna Dhamija J

    Why Phishing Works Rachna Dhamija J. D. Tygar Marti Hearst [email protected] [email protected] [email protected] Harvard University UC Berkeley UC Berkeley ABSTRACT INTRODUCTION To build systems shielding users from fraudulent (or What makes a web site credible? This question has been phishing) websites, designers need to know which attack addressed extensively by researchers in computer-human strategies work and why. This paper provides the first interaction. This paper examines a twist on this question: empirical evidence about which malicious strategies are what makes a bogus website credible? In the last two successful at deceiving general users. We first analyzed a years, Internet users have seen the rapid expansion of a large set of captured phishing attacks and developed a set scourge on the Internet: phishing, the practice of direct- of hypotheses about why these strategies might work. We ing users to fraudulent web sites. This question raises then assessed these hypotheses with a usability study in fascinating questions for user interface designers, because which 22 participants were shown 20 web sites and asked both phishers and anti-phishers do battle in user interface to determine which ones were fraudulent. We found that space. Successful phishers must not only present a high- 23% of the participants did not look at browser-based credibility web presence to their victims; they must create cues such as the address bar, status bar and the security a presence that is so impressive that it causes the victim to indicators, leading to incorrect choices 40% of the time. fail to recognize security measures installed in web We also found that some visual deception attacks can fool browsers.

  • Scam and Complaints Industry Report 2012 Q2.Pdf

    Thank you for viewing the Scambook Second Quarter 2012 Report. Scambook is an online complaint resolution platform. Anyone can fall victim to fraud, regardless of age, gender, race, nationality, education level, economic status or disability. At Scambook, our goal is to find justice for fraud victims and prevent future exploitation by building communities and educating the public with resources such as this Report. We begin this Report with an introduction to Scambook, including a statisti- cal overview concerning the prevalence of fraud in the United States. In this section, we will provide exclusive data about the Top 10 Most Affected States in the U.S. for Q2 2012 and compare this data to figures gathered in Q1. Then, we will move on to Fraud in Focus. This section provides an in-depth industry analysis of the four most aggressive, widespread fraud schemes for Q2 2012: • Fake Job Offers • Smishing/Text Message Fraud • Phishing/Email Fraud • Unauthorized Credit Card Charges For each Fraud in Focus, we will summarize the fraud scheme, provide back- ground context, disseminate data gathered from our users and describe a Case Study that exemplifies the fraud scheme. Each section will also include expert Warning Signs and Safety Tips address- ing each specific fraud scheme. In addition to our Fraud in Focus analysis, this Report contains general Consumer Safety Tips, Testimonies from actual Scam- book members and External Resources We encourage you to download this Report and share it with your community. We hope this Report will serve as an educational guide for consumers, empow- ering them with the information they need to avoid falling victim to fraud.
  • Phishing-Book-Chapte

    Phishing-Book-Chapte

    Handbook of Research on Social and Organizational Liabilities in Information Security Manish Gupta State University of New York at Buffalo, USA Raj Sharman State University of New York at Buffalo, USA INFORMATION SCIENCE REFERENCE Hershey • New York Director of Editorial Content: Kristin Klinger Director of Production: Jennifer Neidig Managing Editor: Jamie Snavely Assistant Managing Editor: Carole Coulson Typesetter: Jeff Ash Cover Design: Lisa Tosheff Printed at: Yurchak Printing Inc. Published in the United States of America by Information Science Reference (an imprint of IGI Global) 701 E. Chocolate Avenue, Suite 200 Hershey PA 17033 Tel: 717-533-8845 Fax: 717-533-8661 E-mail: [email protected] Web site: http://www.igi-global.com and in the United Kingdom by Information Science Reference (an imprint of IGI Global) 3 Henrietta Street Covent Garden London WC2E 8LU Tel: 44 20 7240 0856 Fax: 44 20 7379 0609 Web site: http://www.eurospanbookstore.com Copyright © 2009 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher. Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark. Library of Congress Cataloging-in-Publication Data Handbook of research on social and organizational liabilities in information security / Manish Gupta and Raj Sharman, editors. p. cm. Includes bibliographical references and index. Summary: "This book offers insightful articles on the most salient contemporary issues of managing social and human aspects of information security"--Provided by publisher.

  • Priority Development Assistance Fund Scam

    Priority Development Assistance Fund scam From Wikipedia, the free encyclopedia The Priority Development Assistance Fund scam, also called the PDAF scam or the pork barrel scam, is a political scandal involving the alleged misuse by several members of the Congress of the Philippines of their Priority Development Assistance Fund (PDAF, popularly called "pork barrel"), a lump-sum discretionary fund granted to each member of Congress for spending on priority development projects of the Philippine government, mostly on the local level. The scam was first exposed in the Philippine Daily Inquirer on July 12, 2013,[1] with the six-part exposé of the Inquireron the scam pointing to businesswoman Janet Lim-Napoles as the scam's mastermind after Benhur K. Luy, her second cousin and former personal assistant, was rescued by agents of theNational Bureau of Investigation on March 22, 2013, four months after he was detained by Napoles at her unit at the Pacific Plaza Towers in Fort Bonifacio.[2] Initially centering on Napoles' involvement in the 2004 Fertilizer Fund scam, the government investigation on Luy's testimony has since expanded to cover Napoles' involvement in a wider scam involving the misuse of PDAF funds from 2003 to 2013. It is estimated that the Philippine government was defrauded of some ₱10 billion in the course of the scam,[1] having been diverted to Napoles, participating members of Congress and other government officials. Aside from the PDAF and the fertilizer fund maintained by the Department of Agriculture, around ₱900 million

  • An Introspective Behavior Based Methodology to Mitigate E-Mail Based Threats

    AN INTROSPECTIVE BEHAVIOR BASED METHODOLOGY TO MITIGATE E-MAIL BASED THREATS BY MADHUSUDHANAN CHANDRASEKARAN THESIS Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering in the Graduate School of the State University of New York at Buffalo, 2009 Buffalo, New York © Copyright by Madhusudhanan Chandrasekaran, 2009 All Rights Reserved To my family. iii Abstract E-mail is touted as the backbone of present day communication. Despite its convenience and im- portance, existing e-mail infrastructure is not devoid of problems. The underlying e-mail protocols operate on the assumption that users would not abuse the privilege of sending messages to each other. This weakness in design is consistently taken advantage by attackers to carry out social engineering and security exploits on day-to-day e-mail users. As a result, three prominent e-mail based threats have surfaced, viz. (i) spam; (ii) phishing; and (iii) information leak. While spam e-mail classification has received a lot of attention in the recent years, the other two threats still loom at large. The main goal of this dissertation is to design and develop efficient behavior based classification techniques that help to address each of these threats in a piecemeal fashion. The first part of this dissertation attempts to tackle the problem of detecting phishing e-mails before they reach users’ inboxes. To begin with, shortcomings of existing spam filters toward clas- sifying phishing e-mails are highlighted. To overcome them, a customizable and usable spam filter (CUSP) that detects phishing e-mails from the absence of personalized user information contained in them is proposed.
  • Fraud Report FINAL 23/12/03 3:25 PM Page I

    Fraud Report FINAL 23/12/03 3:25 PM Page I

    Fraud Report FINAL 23/12/03 3:25 PM Page i M E I A N L T R O A F P V I I A C T O R PARLIAMENT OF VICTORIA DRUGS AND CRIME PREVENTION COMMITTEE INQUIRY INTO FRAUD AND ELECTRONIC COMMERCE Final Report January 2004 by Authority Government Printer for the State of Victoria No. 55 Session 2003-2004 Fraud Report FINAL 23/12/03 3:25 PM Page ii The Report was prepared by the Drugs and Crime Prevention Committee. Drugs and Crime Prevention Committee Inquiry into Fraud and Electronic Commerce: – Final Report DCPC, Parliament of Victoria ISBN: 0-646-43091-2 Drugs and Crime Prevention Committee Level 8 35 Spring Street Melbourne Victoria 3000 Telephone: (03) 9651 3541 Facsimile: (03) 9651 3603 Email: [email protected] http://www.parliament.vic.gov.au/dcpc page ii Fraud Report FINAL 23/12/03 3:25 PM Page iii Drugs and Crime Prevention Committee – 55th Parliament Ms Carolyn Hirsh, M.L.C.– Chair The Hon. Robin Cooper, M.L.A. – Deputy Chairman Ms Kirstie Marshall, M.L.A. Mr Ian Maxfield, M.L.A. The Hon. Sang Minh Nguyen, M.L.C. Dr Bill Sykes, M.L.A. Mr Kim Wells, M.L.A. Drugs and Crime Prevention Committee – 54th Parliament The Hon. Cameron Boardman, M.L.C. – Chairman Mr Bruce Mildenhall, M.L.A. – Deputy Chairman The Hon. Robin Cooper, M.L.A. Mr Kenneth Jasper, M.L.A. Mr Hurtle Lupton, M.L.A. The Hon. Sang Minh Nguyen, M.L.C.
  • UC San Diego UC San Diego Electronic Theses and Dissertations

    UC San Diego UC San Diego Electronic Theses and Dissertations

    UC San Diego UC San Diego Electronic Theses and Dissertations Title Investigating Large-Scale Internet Abuse Through Web Page Classification Permalink https://escholarship.org/uc/item/8jp0z4m4 Author Der, Matthew Francis Publication Date 2015 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA, SAN DIEGO Investigating Large-Scale Internet Abuse Through Web Page Classification A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science by Matthew F. Der Committee in charge: Professor Lawrence K. Saul, Co-Chair Professor Stefan Savage, Co-Chair Professor Geoffrey M. Voelker, Co-Chair Professor Gert Lanckriet Professor Kirill Levchenko 2015 Copyright Matthew F. Der, 2015 All rights reserved. The Dissertation of Matthew F. Der is approved and is acceptable in quality and form for publication on microfilm and electronically: Co-Chair Co-Chair Co-Chair University of California, San Diego 2015 iii DEDICATION To my family: Kristen, Charlie, David, Bryan, Sarah, Katie, and Zach. iv EPIGRAPH Everything should be made as simple as possible, but not simpler. | Albert Einstein Sic transit gloria . glory fades. | Max Fischer v TABLE OF CONTENTS Signature Page . iii Dedication . iv Epigraph . v Table of Contents . vi List of Figures . ix List of Tables . xi Acknowledgements . xiii Vita . xviii Abstract of the Dissertation . xix Chapter 1 Introduction . 1 1.1 Contributions . 4 1.2 Organization . 6 Chapter 2 Background . 8 2.1 The Spam Ecosystem . 8 2.1.1 Spam Value Chain . 9 2.1.2 Click Trajectories Finding . 10 2.1.3 Affiliate Programs .
  • Study on Phishing Attacks and Antiphishing Tools

    Study on Phishing Attacks and Antiphishing Tools

    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 03 Issue: 01 | Jan-2016 www.irjet.net p-ISSN: 2395-0072 STUDY ON PHISHING ATTACKS AND ANTIPHISHING TOOLS Dr.Radha Damodaram Associate Professor, School of Computer Science,CMS College of Science & Commerce, Coimbatore, Tamili Nadu, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - The Internet has a remarkable platform usability evaluation, a number of usability issues may for common people communication. Persons with found. [13]. criminal mind have found a way of stealing personal information without actually meeting them and with 2. STEPS IN PHISHING the least risk of being caught. It is called Phishing. Phishing poses a huge threat to the e-commerce A person who engaged in malware activities is called a industry. Not only does it shatter the confidence of phisher. Phishing attacks today typically employ customers towards e-commerce, but also causes generalized “lures”, intimidating users and creating fear – electronic service providers tremendous economic a common example is “we need you to confirm your loss. Hence it is essential to know about phishing. This account details or we must shut your account down”. An paper gives awareness about phishing attacks and approach which is believed to become more and more anti-phishing tools. common is context aware attack: this is a more complex approach as it not only uses threat or enticement, but Key Words: Phishing, phishing steps, phishing types, makes the victim think of the messages as expected, and Anti-phishing tools. therefore legitimate. 1. INTRODUCTION The method used by phishers is usually to make fraudulent websites, similar to the genuine website by Phishing is an act of attempting a victim for fraudulently mimicking the HTML code containing the same images, acquires sensitive information by impersonating a text and sections.
  • Towards Electronic Media Awareness: the Basics of Security Engineering in FL Teacher Education

    Towards Electronic Media Awareness: the Basics of Security Engineering in FL Teacher Education

    Augustyn Surdyk' Towards electronic media awareness: The basics of security engineering in FL teacher education 1. Introduction Foreign language teachers as well as students and graduates of philological studies, who engage more and more often in other professions (outside educa­ tion), similar to all other people, are internet users. Likewise, unfortunately, they equally have to face the dangers arising from the use of these media, either for personal or for professional reasons. It needs to be mentioned that not all graduates of philological studies are prepared in the course of their studies to perform the job of a teacher, moreover, even those who are do not always choose to work in the field of teaching. The scale of the phenomenon is so large that it may be claimed, teachers in fact may soon transpire to be a minority among the graduates of philology studies'. Each year the number of specializations available to students of philology at Polish universities is rising. It enables the students to study and prepare for many other profes­ sions, outside the field of education. Among philology graduates there is a rise in the number of translators, whose work may eventually vary from single-person microfirms, through organised translation companies, to posi­ tions as translators employed by the European Parliament in Brussels as well as other specialists who become employed in various spheres of the economy and public life3 in such professions as: intercultural communication trainer, intercultural conflicts mediator, cultural advisor and intermediary, advertis­ ing industry worker, journalist, columnist, written and spoken communica­ tion specialist, technical documentation editor, programmer and hypertext designer, linguistic design specialist of computer assisted educational systems , Some fragments of this chapter constituted an article already published by the same author in the Polish language.