By Topic

PhishGuard: A browser plug-in for protection from phishing

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Yogesh Joshi ; IIIT-Bangalore, Electronic City, India ; Samir Saklikar ; Debabrata Das ; Subir Saha

Phishing is an act of identity theft aimed at acquiring sensitive information such as usernames, passwords, credit card detail etc., by masquerading as a trustworthy entity in an electronic communication. Phishers use a number of different social engineering mechanism such as spoofed e-mail to try to trick their victims. Data suggests that some of the phishing attacks have convinced up to 5% of their recipients to provide sensitive information to spoofed websites resulting in a direct loss of multi Billion Dollars across the countries. Though there are many existing anti-phishing solutions, Phishers continue to succeed to lure victims. In this paper, we have proposed a novel algorithm which aims at identifying a forged website by submitting random credentials before the actual credentials in a login process of a website. We have also proposed a mechanism for analysing the responses from the server against the submissions of all those credentials to determine if the website is original or phished one. Though our idea is generic and would work in any authentication technologies which are based on exchange of any credentials, our current prototype is developed for sites supporting HTTP Digest Authentication and accepting userid and password pair as credential. Our algorithm is developed within a browser plug-in for Mozilla FireFox v3.0. and can detect phishing attack conclusively.

Published in:

Internet Multimedia Services Architecture and Applications, 2008. IMSAA 2008. 2nd International Conference on

Date of Conference:

10-12 Dec. 2008