FAKE WEBSITE DETECTION




  • What is phishing

    Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Put another way, phishing is a cyber attack in which the attacker tricks the target into disclosing personal information, revealing login credentials, or transferring money.

  • The purpose of phishing is to collect sensitive information with the intention of using that information to gain access to otherwise protected data, networks, etc. A phisher's success is contingent upon establishing trust with its victims.

    Successful Phishing attacks can:

    Cause financial loss for victims

    Put their personal information at risk

    Put data and systems at risk

  • Deceptive Phishing: Deceptive phishing is by far the most common type of phishing scam. In this ploy, fraudsters impersonate a legitimate company to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

    Spear Phishing: Spear Phishing targets specific individuals instead of a wide group of people. Attackers often research their victims on social media and other sites. That way, they can customize their communications and appear more authentic.

    Other Phishing Techniques

    Angler Phishing: This cyberattack comes by way of social media. It may involve fake URLs, instant messages or profiles used to obtain sensitive data. Attackers also peruse social profiles to glean any personal information they can use for social engineering.

    Clone Phishing: Clone phishing involves exact duplication of an email to make it appear as legitimate as possible.

    Domain Spoofing: In this category of phishing, the attacker forges a company domain, which makes the email appear to be from that company.

    Email Phishing: Phishing emails are often the first to come to mind when people hear the term phishing. Attackers send an illegitimate email asking for personal information or login credentials.

    Search Engine Phishing: Rather than sending correspondence to you to gain information, search engine phishing involves creating a website that mimics a legitimate site. Site visitors are asked to download products that are infected with malware or provide personal information in forms that go to the attacker.

    Smishing: Combine SMS with phishing and you have the technique called smishing. With smishing, attackers send fraudulent text messages in an attempt to gather information like credit card numbers or passwords.

    Whaling: A whaling attack targets the big fish, or executive-level employees. An attack of this sort often involves more sophisticated social engineering tactics and intelligence gathering to better sell the fake.

    Vishing: Combine VoIP with phishing and you get vishing. This type of phishing involves calls from a fraudulent person attempting to obtain sensitive information.

    Malvertising: Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer. Exploits in Adobe PDF and Flash are the most common methods used in malvertisements.

  • To help prevent phishing attacks, you should observe general best practices, similar to those you might undertake to avoid viruses and other malware. First, make sure your systems are updated to help protect against known vulnerabilities. Protect devices and systems with reputable security software and firewall protection. You can also add software that watches for PII being sent over email or other insecure methods. Since the weak link in phishing attacks is the end user, you should provide proper end-user security awareness training and educate your team on how to recognize a phishing scam. The key to protecting against phishing lies in the ability to recognize the cyberattack as illegitimate. Following are some key concepts to include in end-user training:

    Choose strong passwords and be wary of posting personal details on social media. Information like birthdates, addresses and phone numbers is valuable to an attacker.

    If there are any suspicions about an email or social post, contact the IT team to have them examine the situation.

    Only open attachments from a trusted source. When in doubt, check with the alleged sender directly.

    Note any language differences in messaging or emails that vary from legitimate organizational communications.

    Never give away personal information in an email or unsolicited call. For instance, financial institutions will never call and ask for login credentials or account info because they already have it.

    Inspect emails for typos and inaccurate grammar. This is usually a dead giveaway of less-sophisticated phishing scams.

    Don’t supply personal information via email or text.

    Beware of urgent or time-sensitive warnings. Phishing attacks often prompt action by pretending to be urgent.

    Verify emails and other correspondence by contacting the organization directly. If you think something is fishy (okay, bad pun), a phone call can quickly tell legitimate correspondence from a fake.

  • Since we can’t control the criminals, let’s take a look at how you can prevent phishing attacks.
    Train Your Employees - Unsuspecting employees who are not trained to identify phishing emails are easily tricked. If they click on a link, open an attachment, or respond to the email, they could be giving the attacker exactly what they need to break into your system. Training is by far the most crucial action you can take to avoid phishing attacks. By investing in your employees’ security education, you empower them to take ownership of security best practices. With training, your employees can identify a phishing email and report suspicious activity before any information is compromised.

    Update Your Antivirus Software - Keeping your antivirus software updated adds a layer of security. The software will scan files coming into your computer, preventing possible damage. Ensure that your anti-spyware and firewall settings are active.

    Stay Up-to-Date - By staying in-the-know, you remain vigilant to phishing attempts. Research common phishing scams so that you’re aware of what security professionals see as the main threats. The more aware you are of what’s out there, the more likely you are to identify a possible attack.

About PhishDetector

Phishing is an internet scam in which an attacker sends out fake messages that appear to come from a trusted source. The message includes a URL or file which, when clicked, will steal personal information or infect the computer with a virus. Phish Detector is a project that aims to reduce phishing attacks by helping internet users check whether a URL is phishing or legitimate. The process of validating a website URL as phishing or legitimate has gone through several machine learning models.
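
The following is an added example, not PhishDetector's own code: a lexical URL feature extractor of the kind whose output a URL classifier can be trained on or a triage rule can act on. The feature names, the thresholds and the KNOWN_BRANDS list are assumptions made for illustration, and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of domains to protect (assumption, not from the page).
KNOWN_BRANDS = {"paypal.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings such as paypa1.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def brand_lookalike(host, registered):
    """True when a non-brand domain imitates a brand by spelling or by embedding its name."""
    if registered in KNOWN_BRANDS:
        return False
    return any(edit_distance(registered, b) <= 2 or b.split(".")[0] in host
               for b in KNOWN_BRANDS)

def url_features(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    registered = ".".join(labels[-2:])  # naive: ignores suffixes such as co.uk
    return {
        "not_https": parts.scheme != "https",
        "ip_host": host_is_ip(host),
        "userinfo": "@" in parts.netloc,          # text before '@' is not the host
        "punycode": any(l.startswith("xn--") for l in labels),
        "deep_subdomains": len(labels) > 4,       # threshold is an assumption
        "long_url": len(url) > 75,                # threshold is an assumption
        "brand_lookalike": brand_lookalike(host, registered),
    }

def flags(url):
    """Names of the features that fired, as input to a classifier or a triage rule."""
    return sorted(name for name, hit in url_features(url).items() if hit)
```

A fired flag is a signal to weigh, not a verdict: legitimate sites can trip `deep_subdomains` or `not_https`, which is why such features are normally combined by a trained model rather than used alone.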

About Us

This project was done by final-year students of Computer Science and Engineering at G Pulla Reddy Engineering College.

K Asrith
B Hemanth
B Lingesh

Guided By
Sri M Anand