Protecting the Online User’s Information Against Phishing Attacks Using Dynamic Encryption Techniques

A phishing attack is a criminal activity which mimics a certain legitimate webpage using a fake webpage with an intention of luring end-users to visit the fake website thereby stealing their personal information such as usernames, passwords and other personal details such as credit card information. Phishing has seen an alarming trend of increase in both the volume and the sophistication of phishing attacks. According to a description of phishing by APWG, the ways phishers steal consumers’ personal information consist of social engineering and technical subterfuge. In technical-subterfuge schemes, phishers furtively plant crime ware onto users’ computers to intercept their online account user names and passwords, while in social-engineering schemes they send spoofed e-mails to consumers purporting to be from legitimate businesses and agencies and then mislead consumers to counterfeit websites. When a user wants to access the website, the server sends an encrypted security code to the user through the communication protocol. If the user’s login name is not valid it will show an error message. If the user’s name is valid, the website checks the user’s registered account and sends an acknowledgement to that user. The legitimate or true webpage mimicked by the fake webpage is defined as the phishing target. Such phishing attacks if executed on newly created web pages prove difficult to identify as it becomes hard to tell which the phishing page is and which the target is. We anticipate that our approach would be deployed for websites requiring a high level of security and that it would ultimately help in remaining customer confidence in using web-based commerce. The automatic discovery of phishing target is proposed to solve the above problem.