Phishing Websites

Prerana Zope
6 min read · Dec 5, 2022


Phishing has grown in importance as a danger in cyberspace in recent years, particularly with the increased usage of messaging and social networks. The goal of a classic phishing attack is to get visitors to a fake website built to obtain personal information such as credit card numbers, usernames, passwords, and even money; the site is meticulously created to look exactly like a well-known banking, e-commerce or social network website. The majority of phishers use emails to direct their targets to the fake website. Users of any expertise level can browse these bogus websites and divulge their private information. In a phishing attack survey of 45 countries in the fourth quarter of 2016, China, Turkey, and Taiwan had the highest rates of malware infections (47.09%, 42.88%, and 38.98%, respectively). Because phishing attacks are semantics-based attacks that primarily take advantage of the weaknesses of computer users, detecting them can be difficult.

What is Phishing?

Phishing is a type of fraud where the attacker poses as a trustworthy source in an effort to steal sensitive data. In a typical phishing attack, the victim clicks on a link that appears to come from a trustworthy source. The victim is then asked for their login credentials, but since it is a fake website, the confidential information is instead handed to the attacker, and the victim is “hacked.” Phishing is a frequent form of attack because it takes little effort and offers a big reward. Modern web browsers, antivirus software, and email clients are generally good at spotting phishing websites at their source and helping to thwart attacks.

Phishing Attacks

Types of Phishing Attacks

  1. Spear phishing : Instead of focusing on a large population, spear phishing targets certain persons. Attackers frequently conduct online and offline research on their targets. They can then personalise their communications and sound more genuine. The initial stage in a targeted attack to get past a company’s defences is frequently spear phishing.
  2. Deceptive Phishing : The most typical kind of phishing is deceptive phishing. In this instance, the attacker tries to get the victims to reveal sensitive information. Attackers use the data to commit financial crimes or carry out other types of offences. Deceptive phishing is when someone sends you a fake bank email asking you to click a link and confirm your account information.
  3. Whaling : Whaling is the term for when attackers target a “big fish,” such as a CEO. These attackers frequently invest a lot of time analysing the victim in order to determine the best time and method for acquiring login information. The issue of whaling is particularly important because senior executives have access to a lot of corporate data.
  4. Pharming : Similar to phishing, pharming sends users to a fraudulent website that appears to be legitimate. However, in this case, victims do not even have to click a malicious link to be taken to the bogus site. Attackers can infect either the user’s computer or the website’s DNS server and redirect the user to a fake site even if the correct URL is typed in.

URL and Attackers techniques

Attackers employ a variety of methods to prevent phishing attacks from being recognized by security software or users. To comprehend the attackers’ strategies, it is necessary to be aware of the elements that make up the URL (Uniform Resource Locator) structure.
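As an added illustration (not code from the original post), the following Python breaks a URL into the elements the paragraph refers to and reports in which element a brand name appears. The sample URLs, the brand string and the function names are constructed for this example, and the registered-domain logic is a naive last-two-labels rule, not a Public Suffix List lookup:

```python
from urllib.parse import urlsplit

# Constructed sample URLs (not from the original post). Each one places the
# same brand string in a different URL element.
SAMPLE_URLS = [
    "https://www.example-bank.com/login",
    "http://example-bank.com.secure-login.example.net/verify?acct=1#top",
    "https://example-bank.com@203.0.113.5/update",
]


def url_anatomy(url: str) -> dict:
    """Split a URL into scheme, userinfo, host, port, path, query and fragment,
    plus the subdomain labels and a naive registered domain (last two host
    labels; an IP-address host is its own 'registered domain')."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".") if host else []
    is_ip = bool(labels) and all(label.isdigit() for label in labels)
    registered = host if is_ip or len(labels) < 2 else ".".join(labels[-2:])
    subdomains = [] if is_ip else labels[:-2]
    return {
        "scheme": parts.scheme,
        "userinfo": parts.username or "",   # text before '@' in the authority
        "host": host,
        "port": parts.port,
        "path": parts.path,
        "query": parts.query,
        "fragment": parts.fragment,
        "subdomains": subdomains,
        "registered_domain": registered,
    }


def where_does_brand_appear(url: str, brand: str) -> list:
    """Return the URL elements that contain the brand string.

    A brand that shows up only in the userinfo, subdomains or path, and not in
    the registered domain, is the structural signature of a lookalike URL."""
    anatomy = url_anatomy(url)
    hits = []
    for element in ("userinfo", "subdomains", "path", "query", "registered_domain"):
        value = anatomy[element]
        text = ".".join(value) if isinstance(value, list) else value
        if brand in text.lower():
            hits.append(element)
    return hits


if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", where_does_brand_appear(sample, "example-bank"))
```

Only the first sample carries the brand in the registered domain; the second hides it in the subdomains and the third in the userinfo, with the real host being an IP address.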

NLP methods for detecting Phishing Websites

  1. Edit Distance : Given two strings, str1 and str2, the algorithm finds the minimum number of operations needed to turn str1 into str2. The allowed operations are insert, remove and replace. Example: with the edit distance algorithm it can be found whether the URL of a website has been altered to make it look similar to the real one (instagram is the original website and the link provided was instagramm).

Result: (figure not reproduced)

How does substring extraction happen?

NLP Based Phishing Attack Detection from URLs (Substring Extraction)
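To make the edit distance and substring extraction steps concrete, here is an added Python example (not code from the original post): a dynamic-programming Levenshtein distance, a tokenizer that extracts the word-like substrings of a hostname, and a check that flags tokens within a couple of edits of a known brand. The brand list, the hostnames, the function names, the minimum token length and the distance threshold are all assumptions made for this example:

```python
import re

# Constructed brand list (not from the original post).
KNOWN_BRANDS = ["instagram", "facebook", "paypal"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the minimum number of insert, remove and replace
    operations that turn a into b, computed row by row with dynamic programming."""
    prev = list(range(len(b) + 1))              # cost of building b[:j] from ""
    for i, ca in enumerate(a, start=1):
        cur = [i]                                # cost of reducing a[:i] to ""
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,          # remove ca
                           cur[j - 1] + 1,       # insert cb
                           prev[j - 1] + cost))  # replace (free on a match)
        prev = cur
    return prev[-1]


def extract_substrings(hostname: str) -> list:
    """Substring extraction: split a hostname into word-like tokens, e.g.
    'secure-instagramm.login.example' -> ['secure', 'instagramm', 'login', 'example']."""
    return [t for t in re.split(r"[^a-z0-9]+", hostname.lower()) if t]


def lookalike_tokens(hostname: str, brands=KNOWN_BRANDS,
                     max_distance: int = 2, min_len: int = 4) -> list:
    """Return (token, brand, distance) for each token that is close to, but not
    identical with, a known brand. Exact matches are not reported: whether a
    real brand name in a hostname is legitimate depends on the registered domain,
    not on spelling. Very short tokens are skipped because almost anything is
    within two edits of them."""
    findings = []
    for token in extract_substrings(hostname):
        if len(token) < min_len:
            continue
        for brand in brands:
            d = edit_distance(token, brand)
            if 0 < d <= max_distance:
                findings.append((token, brand, d))
    return findings


if __name__ == "__main__":
    print(edit_distance("instagramm", "instagram"))          # the post's example
    print(lookalike_tokens("secure-instagramm.login.example"))
```

The threshold of two edits catches the single added letter in the post's instagramm example and simple digit-for-letter swaps, while leaving unrelated words alone; a production detector would tune it per brand and combine it with the registered-domain check rather than treating any near-match as proof.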

  2. Decision Tree : For the decision tree approach, first collect a dataset containing the URLs of phishing as well as legitimate websites. Then extract the required features from the URL database, using NLP preprocessing such as tokenization and stemming. Finally, divide the dataset into training and testing sets and run the selected machine learning and deep neural network algorithms, such as SVM, Random Forest, decision tree and Autoencoder, on it.
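The pipeline just described, as an added end-to-end Python example that is not part of the original post: a small labelled URL set, a feature extractor whose tokenization of the host and path is the NLP step, a train/test split, and a minimal CART-style decision tree trained from scratch so that nothing beyond the standard library is needed. The dataset, brand list, feature set, function names and the every-third-sample split are constructed assumptions for this example, and the registered-domain rule is the same naive last-two-labels shortcut a real system would replace with a Public Suffix List:

```python
import re
from urllib.parse import urlsplit

# Constructed, labelled mini dataset (1 = phishing, 0 = legitimate). It stands
# in for the URL database the text describes and is not real data.
DATASET = [
    ("https://www.example-bank.com/login", 0),
    ("https://mail.example.org/inbox", 0),
    ("https://shop.example.com/cart/checkout", 0),
    ("https://www.example-bank.com/help/faq", 0),
    ("https://example.net/", 0),
    ("http://example-bank.com.verify-account.example.biz/login", 1),
    ("http://203.0.113.9/example-bank/secure/update.php", 1),
    ("https://secure-examplebank-login.example.info/confirm?id=9", 1),
    ("http://example-bank.com@198.51.100.2/signin", 1),
    ("http://example-bank-support.example.biz/reset/password/verify", 1),
]
BRANDS = ["example-bank", "examplebank"]   # constructed brand spellings
FEATURE_NAMES = ["uses_https", "host_dots", "has_at", "ip_host",
                 "brand_outside_domain", "path_depth"]


def tokenize(text: str) -> list:
    """NLP preprocessing step: split text into lowercase alphanumeric tokens."""
    return [t for t in re.split(r"[^a-z0-9]+", text.lower()) if t]


def extract_features(url: str) -> list:
    """Map one URL to a numeric feature vector in FEATURE_NAMES order."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    labels = host.split(".")
    ip_host = int(all(label.isdigit() for label in labels))
    registered = host if ip_host else ".".join(labels[-2:])
    brand_outside = int(any(b in url.lower() and b not in registered for b in BRANDS))
    return [int(p.scheme == "https"), host.count("."), int("@" in p.netloc),
            ip_host, brand_outside, len(tokenize(p.path))]


def gini(labels: list) -> float:
    """Gini impurity of a binary label list (0.0 means all one class)."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1 - p) * (1 - p)


def best_split(X: list, y: list):
    """Greedy search over every feature and threshold for the split with the
    lowest weighted Gini impurity; returns (feature_index, threshold, score)."""
    best = (None, None, gini(y))
    for f in range(len(X[0])):
        for t in sorted({row[f] for row in X}):
            left = [y[i] for i, row in enumerate(X) if row[f] <= t]
            right = [y[i] for i, row in enumerate(X) if row[f] > t]
            if not left or not right:
                continue
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if score < best[2]:
                best = (f, t, score)
    return best


def build_tree(X: list, y: list, depth: int = 0, max_depth: int = 3):
    """Recursive CART-style tree: a node is either a leaf holding the majority
    label, or a tuple (feature, threshold, left_subtree, right_subtree)."""
    majority = int(sum(y) * 2 >= len(y))
    if depth == max_depth or len(set(y)) == 1:
        return majority
    f, t, _ = best_split(X, y)
    if f is None:                      # no split reduces impurity
        return majority
    left = [i for i, row in enumerate(X) if row[f] <= t]
    right = [i for i, row in enumerate(X) if row[f] > t]
    return (f, t,
            build_tree([X[i] for i in left], [y[i] for i in left], depth + 1, max_depth),
            build_tree([X[i] for i in right], [y[i] for i in right], depth + 1, max_depth))


def predict(tree, x: list) -> int:
    """Walk from the root to a leaf following the threshold tests."""
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree


def train_and_evaluate(dataset=DATASET):
    """Hold out every third sample as the test set, train on the rest, and
    return (tree, test_accuracy)."""
    train = [s for i, s in enumerate(dataset) if i % 3 != 2]
    test = [s for i, s in enumerate(dataset) if i % 3 == 2]
    tree = build_tree([extract_features(u) for u, _ in train], [lbl for _, lbl in train])
    correct = sum(predict(tree, extract_features(u)) == lbl for u, lbl in test)
    return tree, correct / len(test)


if __name__ == "__main__":
    tree, acc = train_and_evaluate()
    print("tree:", tree, "test accuracy:", acc)
```

On this constructed data the learner picks `brand_outside_domain` as its only split, which is exactly the signal a reviewer would expect it to find; the point of the example is the shape of the pipeline (features, split, fit, evaluate), not the accuracy, which a ten-URL dataset cannot measure meaningfully.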

How do I protect against phishing attacks?

  1. User Education : User education is one method of phishing defence for your company. All employees should participate in education, since high-ranking officials are frequently the target. Teach your employees how to spot phishing emails and what to do when they arrive. Exercises that simulate phishing attacks are essential for gauging how your staff will respond to a real one.
  2. Security Technology : Phishing assaults cannot be stopped by a single cybersecurity tool. Instead, enterprises must employ a multi-layered strategy to lower the severity of any attacks that do happen and cut down on their frequency. The following network security technologies should be used: access control, malware protection, email and online security, and malware detection.
  3. Check the URL : To identify phishing URLs, check the authenticity of the web address. If it starts with ‘http://’ instead of ‘https://’, be cautious. The additional ‘S’ means that traffic to the website is encrypted and secured with an SSL certificate; the certificate is what lets the browser set up that protected connection. However, nowadays phishers have also started to use ‘https://’, so this aspect isn’t a foolproof sign.
  4. Check the quality of Content : The original website’s content will be crisp, well-written, and free of any grammatical, punctuation, and spelling errors. Even if the fake site is a carbon copy of the original one, the visuals might be lower resolution.
  5. Is it Demanding Personal Information? : We often receive emails that direct us to click on the given link. If a pop-up appears asking for personal details like your phone number, email address, password, residential address, banking details, ID number, etc., consider this a red flag.
  6. Is it a Non-Secured Website? : At times, we try to visit a website but get a security alert: ‘connection is not secure.’ In such a situation, it’s crucial to understand how to recognize phishing links. First, click on the padlock icon appearing on the left side of the URL. This way, you can see the information related to security certificates and cookies. A cookie is a file in which a user’s data is stored and sent to the website owner. In most cases, it offers a better user experience; however, phishers often tend to misuse this information.
