Plugging the “Phishing” Hole: Legislation Versus Technology

This iBrief analyzes the Anti-Phishing Act of 2005, legislation aimed at curbing the problem of phishing. Phishing is the sending of fraudulent emails which appear to be from legitimate businesses and thereby fooling the recipients into divulging personal information such as credit card numbers. While this legislation may provide some assistance in the fight against phishing, it is limited by the global nature of the Internet and the ease with which phishers can hide and avoid judgments. This iBrief therefore concludes that although the Anti-Phishing Act can play a supporting role in the battle, technological solutions are the most effective means of reducing or eliminating phishing attacks

Plugging the “Phishing” Hole: Legislation Versus Technology

This iBrief analyzes the Anti-Phishing Act of 2005, legislation aimed at curbing the problem of phishing. Phishing is the sending of fraudulent emails which appear to be from legitimate businesses and thereby fooling the recipients into divulging personal information such as credit card numbers. While this legislation may provide some assistance in the fight against phishing, it is limited by the global nature of the Internet and the ease with which phishers can hide and avoid judgments. This iBrief therefore concludes that although the Anti-Phishing Act can play a supporting role in the battle, technological solutions are the most effective means of reducing or eliminating phishing attacks

Develop a Hybrid Classification using an Ensemble Model for Phishing Website Detection

Solutions to threats posed by technical and social vulnerabilities must be found to secure the web interface. Social engineering attacks frequently use phishing as one of their vectors. The importance is promptly detecting phishing attacks has increased. The classifier model was constructed using publicly accessible data from trustworthy and phishing websites. A variety of methods were used to extract relevant features to build the model. Before a user experiences any harm, Machine Learning algorithms can reliably identify phishing attacks. To identify phishing attacks on the website, this study presents a novel ensemble model. In this paper, the Artificial Neural Network (ANN) and the Random Forest Classifier (RFC) are used in an ensemble method along with the Support Vector Machine (SVM). Compared to previous studies, this ensemble method more accurately and efficiently detects website phishing attacks. According to experimental findings, the proposed system detects phishing attacks 97.3% of the time

Intelligent Security for Phishing Online using Adaptive Neuro Fuzzy Systems

Anti-phishing detection solutions employed in industry use blacklist-based approaches to achieve low false-positive rates, but blacklist approaches utilizes website URLs only. This study analyses and combines phishing emails and phishing web-forms in a single framework, which allows feature extraction and feature model construction. The outcome should classify between phishing, suspicious, legitimate and detect emerging phishing attacks accurately. The intelligent phishing security for online approach is based on machine learning techniques, using Adaptive Neuro-Fuzzy Inference System and a combination sources from which features are extracted. An experiment was performed using two-fold cross validation method to measure the system’s accuracy. The intelligent phishing security approach achieved a higher accuracy. The finding indicates that the feature model from combined sources can detect phishing websites with a higher accuracy. This paper contributes to phishing field a combined feature which sources in a single framework. The implication is that phishing attacks evolve rapidly; therefore, regular updates and being ahead of phishing strategy is the way forward

Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice and very narrow attack vector

Phishing is currently one of the biggest threats in cybersecurity for both the business and the private contexts. A large percentage of phishing attacks are blocked by automated technical solutions, but unfortunately there is often a delay between when phishing emails enter inboxes and when the technical solutions are able to detect and filter them out. To close this gap, it is common practice for companies to implement mandatory phishing awareness measures for their employees. But what about the private context? We aimed at answering that question by analysing94 anti-phishing webpages from eight different countries and four organisation types. Our analysis revealed not only contradicting recommendations, but also that most of them are rather abstract (e.g. check the URL before clicking on the link without telling what to look for) and lack guidance on advanced phishing techniques (e.g. clone phishing). We discuss the problems faced by readers of these webpages and outline both immediate recommendations to the web designer and ways forward to improve the current situation as future work