
Phishing Websites Detection Based on Web Source Code and URL in the Webpage

IJCSEC Front Page

Abstract
Phishing is a major security issue for banking and financial institutions. Phishing is a webpage attack in which an unauthorized person or organization mimics a customer-facing web service. It is an illegitimate act that steals users' personal information, such as bank details, social security numbers and credit card details, by presenting itself as a trustworthy entity on the public network. When users provide confidential information, they are not aware that the websites they are using are phishing websites. This paper presents a technique for detecting phishing website attacks and spotting phishing websites by combining the source code and the URLs in the webpage.
Keywords: Phishing, Website attacks, Source Code, URL
I. Introduction
Phishing is a practice carried out on the Internet in which personal details are obtained by unlawful methods. It is an online form of pretexting (rewriting or changing the original information), in which an attacker poses as someone else to obtain the most sensitive details from users [1]. Fraudsters looking to gather financial information have developed a new way to lure unsuspecting victims: they go phishing. In the first half of 2012, the RSA Anti-Fraud Command Center identified 195,487 unique phishing attacks, an increase of 19% compared to the second half of 2011 [3]. The word "phishing" originally comes from the analogy that early Internet criminals used e-mail lures to "phish" for passwords and financial data from a sea of Internet users. The origin of the "ph" in the term is partly lost in the annals of time, but it is most likely linked to popular hacker naming conventions such as "phreaks", which traces back to early hackers who were involved in "phreaking", the hacking of telephone systems. The term was coined in the 1996 timeframe by hackers who were stealing America Online (AOL) accounts by scamming passwords from unsuspecting AOL users [2]. The most common purposes of phishing scams include:
Theft of login credentials: typically credentials for accessing online services such as eBay, Hotmail, etc. More recently, the increase in online share trading services has meant that a customer's trading credentials provide an easy route for international money transfers.
Theft of banking credentials: typically the online login credentials of popular high-street banking organizations and subsequent access to funds ready for transfer.
Observation of credit card details: access to a steady stream of credit card details (i.e. card number, expiry and issue dates, cardholder's name and credit card validation (CCV) number) has immediate value to most criminals.
Capture of address and other personal information: any personal information, particularly address information, is highly saleable and in constant demand by direct marketing companies.
Distribution of botnet and DDoS agents: criminals use phishing scams to install special bot and DDoS agents on unsuspecting computers and add them to their distributed networks. These agents can be rented to other criminals.
Attack propagation: through a mixture of spear phishing and bot agent installations, phishers can use a single compromised host as an internal 'jump point' within the organization for future attacks.
The proposed phishing website detection system will detect threats, indicate that e-mails, websites or URLs are not secure, and help the user avoid the hacker's trap. This type of detection builds confidence in both the users and the Internet community. The phishing website detection system will guide users by providing knowledge of Internet threats. In phishing detection, there are two types of techniques: the white list technique and the heuristic based mechanism. These two techniques act as filters in detecting phishing websites. In the white list technique, a few anti-phishing websites are listed. If a website accessed by the user is not in the white list, it is concluded to be a phishing website. The heuristic based mechanism works with various aspects, such as keywords and the domain name, to decide whether the website is a phishing website or not [1]. The rest of the paper is organized as follows: Section II discusses the background, Section III presents the design and implementation of the system, Section IV describes the evaluation procedure and results, and final conclusions are made in Section V.
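The two filters described above can be chained: a white list check first, then heuristics over the URL and the page source for everything not listed. The sketch below is an added example, not the paper's implementation; the white list entries, the keyword list, the individual heuristics and the two-signal threshold are all assumptions chosen for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed values for illustration; a real deployment supplies its own.
WHITE_LIST = {"www.examplebank.com", "examplebank.com"}
KEYWORDS = ("examplebank", "login", "verify")

class TargetCollector(HTMLParser):
    """Collect <form action> and <a href> targets from the page source."""
    def __init__(self):
        super().__init__()
        self.forms, self.links = [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and attrs.get("action"):
            self.forms.append(attrs["action"])
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(url, html):
    """Stage 1: white list. Stage 2: URL and source-code heuristics."""
    host = host_of(url)
    if host in WHITE_LIST:
        return "legitimate", ["host is on the white list"]
    reasons = []
    if is_ip(host):
        reasons.append("IP address as host")
    if "@" in urlparse(url).netloc:
        reasons.append("'@' in URL authority")
    if any(k in url.lower() for k in KEYWORDS):
        reasons.append("brand/login keyword on non-listed host")
    page = TargetCollector()
    page.feed(html)
    if any(host_of(urljoin(url, a)) != host for a in page.forms):
        reasons.append("form submits to a different host")
    if any(host_of(urljoin(url, l)) in WHITE_LIST for l in page.links):
        reasons.append("links borrowed from a white-listed site")
    # Assumed threshold: two or more independent signals.
    return ("phishing" if len(reasons) >= 2 else "unknown"), reasons
```

Unlike the strict white list rule stated above, this sketch does not flag a non-listed site outright; it hands it to the heuristic stage and reports which signals fired.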

References:

  1. Checking the Security of a Website Using Phishing Website Detector, The Department of Computing Sciences, Texas A&M University-Corpus Christi, Corpus Christi, TX.
  2. The Phishing Guide: Understanding & Preventing Phishing Attacks, by Gunter Ollmann, Director of Security Strategy, IBM Internet Security Systems.
  3. Y. Zhang, J. Hong, and L. Cranor, "CANTINA: A Content-Based Approach to Detecting Phishing Web Sites", in Proceedings of the International World Wide Web Conference (WWW), Banff, Alberta, Canada, May 2007.
  4. I. Fette, N. Sadeh, and A. Tomasic, "Learning to detect phishing emails," Proceedings of the 16th international conference on World Wide Web, ser. WWW '07. New York, NY, USA: ACM, 2007, pp. 649-656. [Online]. Available: http://doi.acm.org/10.1145/1242572.1242660.
  5. Justin Ma, Lawrence K. Saul, Stefan Savage, Geoffrey M. Voelker, "Beyond Blacklists: Learning to Detecting Malicious websites from suspicious URL", Department of CSE, University of California,
  6. Anjali Sardana and A. Naga Venkata Sunil, IIT Roorkee, Roorkee, India, "A PageRank Based Detection Technique for Phishing Web Sites", 2012 symposium IEEE.
  7. Mahmoud Khonji, Youssef Iraqi and Andrew Jones, Computer Engineering, Khalifa University, Sharjah, UAE, "Lexical URL Analysis for Discriminating Phishing and Legitimate E-Mail Messages", 6th international conference on Internet technology and secured transactions, UAE.
  8. Mona Ghotaish Alkhozae and Omar Abdullah Batarfi, "Phishing Websites Detection based on Phishing Characteristics in the Webpage Source Code", International Journal of Information and Communication Technology Research, Volume 1.
  9. Xun Dong, John A. Clark and Jeremy L. Jacob, "User Behaviour Based Phishing Websites Detection", Proceedings of the International Multiconference, Computer Science and Information Technology pp