
ABSTRACT

Phishing is one of the major security problems on today's web. A phishing attack makes web users
believe that they are communicating with a legitimate party, with the aim of stealing personal
information, account details, login credentials and identity information. We propose a technique
to detect and prevent phishing attacks delivered by e-mail. It is an end-user application that
uses a hyperlink and URL feature set to detect phishing attacks and uses digital signatures to
prevent them. A phishing attack is most commonly initiated by sending e-mails to the user's
machine with links to a spoofed website that harvests the information. Our application therefore
acts as an interface between the e-mail service and the user to provide secure communication
between them. We believe this is a more cost-effective and better way to prevent people from
losing their private information to phishing attacks.

CHAPTER 1

INTRODUCTION

Phishing is a word derived from 'fishing'. It refers to the act of luring users to visit a fake
website by sending them fake e-mails (or instant messages) and stealthily obtaining the victim's
personal information, such as user name, password and social security number. This information
can then be used for targeted advertising or even identity theft (e.g., transferring money from
the victim's bank account). The most frequently used attack method is to send e-mails to potential
victims which appear to come from banks, online organisations or ISPs. These e-mails invent a
pretext, e.g., that the password of your credit card has been entered incorrectly too many times,
or that the sender is offering a service upgrade, to lure you into visiting their website through
the hyperlink provided in the e-mail in order to confirm or modify your account number and
password. If you enter the account number and password, the attackers collect the information at
the server side and are able to perform their next steps with it (e.g., withdraw money from your
account). Phishing itself is not a new concept, but in recent years it has been used increasingly
by phishers to steal user information and commit financial crime. Within one to two years the
number of phishing attacks has increased dramatically.

OBJECTIVES

The motivation behind this study is to create a resilient and effective method that uses data
mining algorithms and tools to detect e-banking phishing websites.

CHAPTER 2

TYPES OF PHISHING ATTACKS

• Deceptive Phishing

The attacker uses spoofed e-mails to lure unsuspecting victims to dummy websites designed to
deceive recipients into disclosing financial data and personal information such as credit card
numbers, account user names, passwords and social security numbers. This is called a deceptive
phishing attack. "Deceptive" refers to any attack that imitates a legitimate company and attempts
to steal personal information [5].
Deceptive phishing messages ask the recipient to confirm information about an account, to
re-enter their information, or to react to fictitious account charges, unwanted account changes
or new free services requiring quick action. They are sent to many recipients in the hope that the
unsuspecting will react by clicking a link to, or signing on to, a bogus site where their secret
information can be collected.

• Malware-Based Phishing

Malware-based phishing refers to fraud that involves running malicious software on the user's
PC. The malware can arrive as an e-mail attachment or as a downloadable file from a website, and
it is a particular problem for small and medium businesses (SMBs), who are not always able to
keep their software applications up to date. Web Trojans pop up invisibly when users attempt to
log in; they collect the user's credentials and send them to the phisher.

• Key loggers and Screen loggers

Key logging, also called keystroke logging or key capture, is the action of recording (logging)
the keys struck on a keyboard while the person is unaware that their actions are being monitored.
This type of malware tracks the input from the keyboard, and the relevant information obtained is
sent to the attackers over the internet [5]. Key loggers install themselves into the user's
browser as a small program that runs automatically when the browser is started, or into system
files as device drivers or screen monitors.

• Session Hijacking

Session hijacking, also called cookie hijacking, exploits a valid computer session. With the
session key the attacker gains unauthorised access to information and services on the computer
system. The attack monitors the user's activity until they sign in to an account or start a
transaction and thereby create the session the attacker needs [5]. The malicious software then
performs unauthorised actions in the user's account, such as transferring funds from the user's
account to the attacker's account, without the user's knowledge.

CHAPTER 2.1

CASE STUDIES

Case Study: Phone Phishing Experiment


For our test sample, after obtaining all the necessary authorisation and approval from
management, a group of 50 employees were contacted by female colleagues assigned to lure them
into giving away their personal e-banking user name and password through a social, friendly phone
conversation with a deceptive purpose in mind. The results were beyond expectations; many of the
employees fell for the trick. After a friendly conversation with them for some time, our team
managed to persuade them to give away their internet banking credentials for fake reasons. Some
of these flimsy reasons included checking their privileges and accessibility, checking the
integrity and connectivity of their account with the web server for maintenance purposes, account
security and privacy assurance, etc. To lend authenticity to our request and give it a social
dimension, our team had to contact them repeatedly, about three or four times. As shown in
Table 1, our team managed to deceive 16 out of the 50 employees into giving away their full
e-banking credentials, which represents 32% of the sample. This percentage is considered high,
especially when we know that the victims were staff members of Jordan Ahli Bank, who are supposed
to be well educated about the risks of electronic banking services.

A total of 16% (8 employees) agreed to give their user name only and refused to give away their
passwords under any circumstances or excuse whatsoever. The remaining 52% (26 employees) were
very cautious and declined to reveal any information regarding their credentials over the phone.
An overview of the results reveals the high risk of the social engineering factor. Social
engineering constitutes a direct internal threat to e-banking web services, since it breaks
directly into the accounts of e-bank customers. The results also show the direct need to increase
customer awareness so that they do not fall victim to this kind of threat, which can lead to
devastating results.

Case Study: Website Phishing Experiment

We engineered a website for phishing practice and study. The website was an exact replica of the
original Jordan Ahli Bank website www.ahlionline.com.jo, designed to trap users and induce them,
by a targeted phishing e-mail, to submit their credentials (username and password). The sample
consisted of our colleagues at Jordan Ahli Bank, after obtaining the necessary authorisation from
our management. We deliberately put many known phishing features and factors into the fake
website in order to measure the users' awareness of these kinds of risk: for example, an IP
address instead of a domain name, http instead of https, poor design, spelling errors, absence of
the SSL padlock icon and a phoney security certificate. We targeted 120 employees with our
deceptive phishing e-mail, informing them that their e-banking accounts were at risk of being
hacked and requesting them to log in to their account through the fake link in our e-mail, using
their usual customer ID and password, to verify their balance and then log out normally. As shown
in Table 2, the website successfully attracted 52 out of the 120 targeted employees (44%), who
followed the deceptive instructions and submitted their actual credentials (customer ID and
password).

Surprisingly, IT department employees and IT auditors constituted 8 of the 120 targeted employees
(7%), which shocked me, since we expected them to be more alert than others. From other
departments, 44 of the 120 targeted employees (37%) fell into the trap and submitted their
credentials without any hesitation. The remaining 68 out of 120 (56%) were divided as follows: 28
employees (23%) supplied incorrect information, which seems to indicate a wary curiosity, and 40
employees (33%) received the e-mail but did not respond at all. The results clearly indicate that
the phishing factor is extremely dangerous.

CHAPTER 3

PHISHING CHARACTERISTICS AND INDICATORS

From our previous phishing case studies and experiments we gathered 27 phishing features and
indicators and clustered them into six criteria (URL & Domain Identity, Security & Encryption,
Source Code & JavaScript, Page Style & Contents, Web Address Bar, and Social Human Factor); each
criterion has its own phishing components. For example, the URL & Domain Identity criterion has
five phishing indicator components (using an IP address, abnormal request URL, abnormal URL of
anchor, abnormal DNS record and abnormal URL).

CHAPTER 3.1

LITERATURE REVIEW AND RELATED WORK

A. Protecting user against phishing using Anti-phishing:

To protect users from phishing attacks, the anti-phishing technique AntiPhish is used. AntiPhish
tracks the sensitive information the user enters into web forms and generates an alert if the
user is about to submit it to an untrusted website. Users can also be trained to recognise this
type of phishing attack; however, training alone is not a real solution, since any user can be
tricked, so a technical countermeasure is also required.

B. Learning to Detect Phishing Emails:


An alternative for detecting these attacks is a machine learning process that relies on features
reflecting the deception of the user by means of electronic communication, i.e. properties of the
e-mail itself, to classify messages. This can be used to trap fake e-mails. To date, approximately
800 phishing e-mails and 7,000 non-phishing e-mails have been collected for this purpose.

C. Phishing detection system for e-banking using fuzzy data mining:

It is very complex to identify phishing websites, which mainly target e-banking services. Certain
data mining techniques can keep an e-commerce website safe, since they deal with fuzzy factors
rather than exact values. In this paper we apply fuzzy logic together with data mining algorithms
to the various effective factors of the e-banking phishing website [1]. Phishing victims often do
not realise that they have been tricked. The first step in preventing phishing is the detection
of a phishing attack. Human detection and machine detection are the two types of detection
technique.

• Human Detection:

Not all technology users are the same. Some users are more knowledgeable about security issues,
and some think longer before they click on a suspicious link. Internet users may receive training
at work, but otherwise most users are not particularly knowledgeable. Within an organisational
setting, common operating procedures, knowledge sharing and double verification processes can
reduce the problem. Many technology users are unaware of how the information systems they use
relate to the user interface they interact with. Hence it becomes easy for phishing attackers to
present the web interface of a familiar web page and lure the user into entering private
information, which is then transmitted to the attackers [4].

• Machine Detection:

It is important to identify phishing e-mails in order to detect traditional phishing. Various
approaches have been proposed to enhance the classification accuracy of phishing e-mails. One
study selects an effective feature subset out of the existing proposed features by evaluating
various feature selection methods; the resulting system displays high accuracy while relying on a
relatively small number of classifiers. Another work presents a two-dimensional approach to
detecting phishing e-mails: the proposed framework, called Phish-Snag, operates between the
user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving e-mail for
phishing attacks before it reaches the user's inbox. Its author claims a detection rate of 93
percent with about 0.5 percent false positives, or over 99 percent at a higher false positive
rate. Phishing e-mails seek to actively misguide the victim [4].

PROPOSED SYSTEM

Many users purchase products online and make payments through e-banking. Some websites posing as
e-banking sites ask the user to provide sensitive data such as username, password or credit card
details for malicious reasons; such a website is known as a phishing website.

In order to detect and predict e-banking phishing websites, an intelligent, flexible and effective
system based on a classification data mining algorithm is proposed. The classification algorithm
is implemented together with techniques to extract the phishing criteria from the data set and
classify a site's legitimacy. An e-banking phishing website can be detected based on some
important characteristics, such as the URL & Domain Identity and Security & Encryption criteria,
which carry the most weight in the final phishing detection rate.

When the user makes a payment through an e-banking website during an online transaction, our
system applies the data mining algorithm to decide whether the website is a phishing website or
not. The application can be used by many e-commerce enterprises to make the whole transaction
process secure. The data mining algorithm used in this system provides better performance than
traditional classification algorithms, and with its help users can purchase products online
without hesitation.

HOW IT WORKS

The system extracts the phishing indicators of the website the user is about to submit
credentials to, grouped into the six criteria of Chapter 3, and feeds them to the classification
data mining algorithm, which labels the site as legitimate or phishing before the transaction
proceeds. The URL & Domain Identity and Security & Encryption criteria carry the most weight in
the final phishing detection rate. The application can be used by e-commerce enterprises to make
the whole transaction process secure, so that users can purchase products online securely.
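To make the classification step concrete, here is a small associative-classification (CBA-style) classifier in Python over the six criteria defined in Chapter 3. It is an added example, not the report's own MCAR implementation: the training data are constructed, each criterion is summarised as one linguistic value (L = legitimate, S = suspicious, P = phishy, an assumption made for this example), and the support and confidence thresholds are chosen for the toy data. It mines class association rules of one or two criteria, ranks them by confidence, support and generality, applies the lazy pruning step described under Future Work (a rule that misclassifies any training instance it covers is discarded, all other rules are kept; under this reading only rules with 100% training confidence survive), and classifies a site by the first matching rule, falling back to the majority class.

```python
"""Added example: a small associative-classification (CBA-style) phishing
website classifier over the six criteria named in this report. Constructed
training data; not the report's own implementation."""
from collections import Counter
from itertools import combinations

CRITERIA = ("url_domain", "security_encryption", "source_code_js",
            "page_style", "address_bar", "social_human")

# Constructed training set (assumption: each criterion summarised as one
# linguistic value L=legitimate, S=suspicious, P=phishy; last field is the class).
TRAIN = [
    ("P", "P", "S", "L", "P", "S", "phishing"),
    ("P", "P", "P", "P", "S", "P", "phishing"),
    ("P", "S", "L", "L", "P", "L", "phishing"),
    ("S", "P", "P", "S", "P", "P", "phishing"),
    ("P", "P", "S", "S", "L", "L", "phishing"),
    ("S", "P", "L", "P", "S", "S", "phishing"),
    ("L", "L", "L", "L", "L", "L", "legitimate"),
    ("L", "L", "S", "L", "L", "S", "legitimate"),
    ("L", "S", "L", "S", "L", "L", "legitimate"),
    ("S", "L", "L", "L", "L", "P", "legitimate"),
    ("L", "L", "L", "P", "S", "L", "legitimate"),
    ("L", "L", "P", "L", "L", "L", "legitimate"),
    ("L", "L", "L", "L", "L", "S", "legitimate"),
]


def matches(row, antecedent):
    """True when every (criterion index, value) pair of the rule holds for row."""
    return all(row[i] == v for i, v in antecedent)


def mine_rules(rows, min_support=0.2, min_confidence=0.8, max_len=2):
    """Enumerate class association rules 'criterion values -> class' with up to
    max_len criteria and keep those above the support/confidence thresholds."""
    rules = []
    classes = sorted({r[-1] for r in rows})
    for size in range(1, max_len + 1):
        for idx in combinations(range(len(CRITERIA)), size):
            # only value combinations that actually occur in the data
            for vals in sorted({tuple(r[i] for i in idx) for r in rows}):
                antecedent = tuple(zip(idx, vals))
                covered = [r for r in rows if matches(r, antecedent)]
                support = len(covered) / len(rows)
                if support < min_support:
                    continue
                for cls in classes:
                    confidence = sum(r[-1] == cls for r in covered) / len(covered)
                    if confidence >= min_confidence:
                        rules.append({"antecedent": antecedent, "class": cls,
                                      "support": support, "confidence": confidence})
    # rank: higher confidence, then higher support, then shorter (more general) rule
    rules.sort(key=lambda r: (-r["confidence"], -r["support"], len(r["antecedent"])))
    return rules


def lazy_prune(rules, rows):
    """Lazy pruning as the report describes it: discard every rule that
    misclassifies at least one training instance it covers; keep all others."""
    return [r for r in rules
            if not any(row[-1] != r["class"]
                       for row in rows if matches(row, r["antecedent"]))]


def build_classifier(rows, prune=True):
    rules = mine_rules(rows)
    if prune:
        rules = lazy_prune(rules, rows)
    default = Counter(r[-1] for r in rows).most_common(1)[0][0]  # majority class
    return rules, default


def classify(rules, features, default):
    """First matching rule in rank order wins; fall back to the default class."""
    for rule in rules:
        if matches(features, rule["antecedent"]):
            return rule["class"]
    return default


def accuracy(rules, rows, default):
    return sum(classify(rules, r[:-1], default) == r[-1] for r in rows) / len(rows)


if __name__ == "__main__":
    rules, default = build_classifier(TRAIN)
    for r in rules[:5]:
        cond = " AND ".join(f"{CRITERIA[i]}={v}" for i, v in r["antecedent"])
        print(f"{cond} -> {r['class']}  (sup={r['support']:.2f}, conf={r['confidence']:.2f})")
    print("training accuracy:", accuracy(rules, TRAIN, default))
    print("site with phishy URL over plain http:", classify(rules, ("P", "S", "L", "L", "S", "L"), default))
```

On this toy data the single-criterion rules that survive pruning concern URL & Domain Identity, Security & Encryption and Web Address Bar, while no single-criterion rule on Page Style or Social Human Factor clears the thresholds, which is the shape of result the report states in Chapter 7. With real data the thresholds need tuning, and a cautious deployment would make "phishing" rather than the majority class the default for sites no rule covers.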


CHAPTER 4

SOFTWARE REQUIREMENTS

Netbeans

JDK 8

Mysql

CHAPTER 4.1

SOFTWARE DESCRIPTION

NETBEANS

NetBeans is an integrated development environment (IDE) for Java. NetBeans allows applications
to be developed from a set of modular software components called modules. NetBeans runs on
Windows, macOS, Linux and Solaris. In addition to Java development, it has extensions for other
languages like PHP, C, C++, HTML5 and JavaScript. Applications based on NetBeans, including the
NetBeans IDE, can be extended by third-party developers.

JDK8

The Java Platform, Standard Edition 8 Development Kit (JDK 8) is a feature release of the Java
SE platform. It contains new features and enhancements in many functional areas. The Java
Development Kit (JDK) is an implementation of one of the Java Platform, Standard Edition, Java
Platform, Enterprise Edition or Java Platform, Micro Edition platforms, released by Oracle
Corporation in the form of a binary product aimed at Java developers on Solaris, Linux, macOS or
Windows. The JDK includes a private JVM and a few other resources needed to complete the
development of a Java application. Since the introduction of the Java platform it has been by far
the most widely used software development kit (SDK). On 17 November 2006, Sun announced that it
would release the JDK under the GNU General Public License (GPL), thus making it free software.
This happened in large part on 8 May 2007, when Sun contributed the source code to OpenJDK.

MYSQL

MySQL is an open source relational database management system (RDBMS). Its name is a combination
of "My", the name of co-founder Michael Widenius's daughter, and "SQL", the abbreviation for
Structured Query Language.

MySQL is free and open-source software under the terms of the GNU General Public License, and is
also available under a variety of proprietary licences. MySQL was owned and sponsored by the
Swedish company MySQL AB, which was bought by Sun Microsystems (now Oracle Corporation). In 2010,
when Oracle acquired Sun, Monty Widenius forked the open-source MySQL project to create MariaDB.

MySQL is a component of the LAMP web application software stack (and others), an acronym for
Linux, Apache, MySQL, Perl/PHP/Python. MySQL is used by many database-driven web applications,
including WordPress, Drupal and phpBB, and by many popular websites, including Google.

CHAPTER 4.3

PROJECT MODULES

The main aim of a phishing attack is to steal users' personal information online, such as
passwords and credit card information. According to Engin Kirda and Christopher Kruegel, phishing
attacks have been rising, and they provide the AntiPhish technique, which protects inexperienced
or new users from website-based phishing attacks [2]. AntiPhish is an application embedded into
the browser; it tracks the user's sensitive information and prevents them from entering it into an
untrusted website. Figure 1 depicts the proposed working model for the analysis of anti-phishing
attacks. The modules of the proposed system are:

1. Creation of a mail system and database operations.

2. Composing, sending and receiving mail.

3. Implementation of preventive measures and classification techniques.

CHAPTER 5

CHAPTER 6

FEATURES

A. Load Balancing

Since the system is available only while the admin is logged in, the load on the server is
limited to the period of admin access.

B. Easy Accessibility:

Records and other information can be easily accessed and stored.

C. User Friendly:

The website gives a very user-friendly approach for all users.

D. Efficient and Reliable:

Maintaining all the secured data in a database on the server, accessible according to the user's
requirements without maintenance cost, is far more efficient than storing all the customer data
in a spreadsheet or physically in record books.

E. Easy Maintenance:

The E-Banking Phishing Website detection system is designed in a simple way, so maintenance is
also easy.

CHAPTER 7

RESULT AND DISCUSSION

There is a significant relationship between the two phishing website criteria (URL & Domain
Identity) and (Security & Encryption) for identifying e-banking phishing websites [20]. We also
found an insignificant, trivial influence of the (Page Style & Content) and (Social Human Factor)
criteria on identifying e-banking phishing websites.

SCREENSHOTS

ADVANTAGES

• This system can be used by many e-commerce websites in order to maintain a good customer
relationship.

• Users can make online payments securely.

• The data mining algorithm used in this system provides better performance than other
traditional classification algorithms.

• With the help of this system users can also purchase products online without any hesitation.

CONCLUSION

Phishing is a critical problem that poses a continual threat, and the risk is especially high on
social media. Phishing takes advantage of trust: the user may not be able to tell that the site
being visited, or the program being used, is not genuine, and when this happens the attacker has
the chance to obtain the targeted user's personal information, such as usernames, security codes,
passwords and credit card numbers, among other things [3]. This paper discusses the various types
of phishing attacks and the various anti-phishing techniques used to prevent them.

The e-banking phishing website model based on classification data mining showed the significant
importance of two phishing website criteria, (URL & Domain Identity) and (Security & Encryption),
in the final phishing detection rate, and also showed the insignificant, trivial influence of
some other criteria, like 'Page Style & Content' and 'Social Human Factor', on the final phishing
rate. The rules generated from the associative classification model showed the correlation and
relationships between some of these characteristics, which can help us in building a phishing
website detection system.

The experiments demonstrate the feasibility of using associative classification techniques in
real applications involving large databases, and their better performance compared to other
traditional classification algorithms.

FUTURE WORK

As future work, we want to use different pruning methods, such as lazy pruning, which discards
rules that incorrectly classify training instances and keeps all other rules, with the MCAR
associative classification technique, in order to minimise the size of the resulting classifiers
and to experimentally measure and compare the effect of these different pruning methods on the
final result.
