• Title/Summary/Keyword: Phishing


Study on Anti-Phishing Solutions, Related Researches and Future Directions (피싱 대응 솔루션 연구 및 개발 현황 그리고 앞으로의 방향)

  • Shin, Ji Sun
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1037-1047 / 2013
  • As damage from phishing has increased, many anti-phishing solutions have been developed and much related research has been conducted. Anti-phishing solutions are often built into web browsers or provided as security toolbars. Other types of solutions have also been developed, such as email filtering and solutions that strengthen server authentication via secret image sharing. At the same time, researchers have tried to understand why phishing works and how effective anti-phishing solutions are. In this paper, we review relevant anti-phishing solutions, their techniques, and other phishing-related research. Based on these, we summarize recommended ways to improve anti-phishing solutions and suggest future directions of study to protect users from phishing attacks.

Developing a Framework for Detecting Phishing URLs Using Machine Learning

  • Nguyen Tung Lam
    • International Journal of Computer Science & Network Security / v.23 no.10 / pp.157-163 / 2023
  • The attack technique of targeting end-users through phishing URLs is very dangerous nowadays. With this technique, attackers could steal user data or take control of the system, etc. Therefore, early detection of phishing URLs is essential. In this paper, we propose a method to detect phishing URLs based on supervised learning algorithms and abnormal behaviors from URLs. Finally, based on the research results, we build a framework for detecting phishing URLs through end-users. The novelty and advantage of our proposed method are that abnormal behaviors are extracted from URLs that are monitored and collected directly from attack campaigns, instead of using inefficient old datasets.

A Unknown Phishing Site Detection Method in the Interior Network Environment (내부 네트워크에서 알려지지 않은 피싱사이트 탐지방안)

  • Park, Jeonguk;Cho, Gihwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.313-320 / 2015
  • While various phishing attacks are constantly increasing, response methods still remain at the stage of responding after an attack has been identified. To detect a phishing site ahead of an attack, a method utilizing the Referer header field of HTTP has been suggested. However, it has the limitation that a traffic gathering system must be implemented for each prospective target host. This paper presents an unknown phishing site detection method for the interior network environment. Whenever a user tries to connect to a phishing site, the traffic is pre-processed in consideration of the characteristics of the HTTP protocol and of phishing sites. The phishing site detection phase detects a site suspected of phishing by analysing HTTP content. To validate the proposed method, evaluations were conducted with 100 phishing URLs along with 100 normal URLs. The experimental results show that our method achieves a higher phishing site detection rate than existing detection methods, with a 66% detection rate for the phishing URLs and a 0% false negative rate for the normal URLs.

Phishing Detection Methodology Using Web Sites Heuristic (웹사이트 특징을 이용한 휴리스틱 피싱 탐지 방안 연구)

  • Lee, Jin Lee;Park, Doo Ho;Lee, Chang Hoon
    • KIPS Transactions on Computer and Communication Systems / v.4 no.10 / pp.349-360 / 2015
  • In recent years, phishing attacks have proliferated along with services based on web technology. Phishing is affecting online security significantly day by day through the vulnerability of web pages. To prevent phishing attacks, many anti-phishing techniques have been developed, each with its own advantages and disadvantages, but phishing attacks have not yet been completely eradicated. In this paper, we study phishing in detail and categorize the process of a phishing attack into two parts: Landing-phase and Attack-phase. In addition, we propose a phishing detection methodology based on web site heuristics. To extract web site features, we focus on the URL and source code of web sites. To evaluate the performance of the suggested method, we set up an experiment and analyze its results. Our methodology achieves a detection accuracy of 98.9% with the random forest algorithm. The proof-of-concept evaluation reveals that web site features can be used for phishing detection.

Real-time Phishing Site Detection Method (피싱사이트 실시간 탐지 기법)

  • Sa, Joon-Ho;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.819-825 / 2012
  • Nowadays many phishing sites contain HTTP links to the victim web site's contents, such as images and bulletin boards, to make the phishing sites look more real and similar to the victim web site. We introduce a real-time phishing site detection system which makes use of the characteristic that the phishing sites' URLs flow into the victim web site via the HTTP Referer header field when the phishing site is visited. The detection system is designed to adopt an out-of-path network configuration to minimize the effect on the running system, and a phishing site source code analysis technique to alert administrators in real time when a phishing site is detected. The detection system was installed on a company's web site which had been targeted for phishing. As a result, the detection system detected 40 phishing sites during a 6-day test period.

A Study on Factors Influencing Telecommunications Fraud : In the Case of Voice Phishing (전기 통신 금융사기에 영향을 미치는 요인에 관한 연구 : 전화 금융사기를 중심으로)

  • Jo, Soohyun;Lee, Wooyoo;Choi, Myeonggil
    • Journal of Information Technology Services / v.15 no.2 / pp.35-49 / 2016
  • With the gradual development of IT, voice phishing victims are increasing in number. In the past, when only voice phone calls were made, personal or financial information was stolen mainly by a direct phone call, but recently, as smartphones have come into wide use, it is evolving into methods such as smishing, which leads the victim to a site that spreads malicious code. Since it is easy to run away after committing the crime and traces are rarely left in voice phishing cases, it is difficult to find the criminal. In addition, it is most likely that a victim would be exposed to further damage from another voice phishing attack. Its techniques are growing in variety and becoming more intelligent day by day; therefore, its victims are increasing in number. Previous research mainly focused on the area of legal studies, while the factors of exposure to voice phishing have not been studied. Therefore, this study analyzed the motifs in which voice phishing is carried out and drew the following outcomes. First, a victim comes to trust the criminal through the factors of favorability, rare message, and mutuality. Second, the more sophisticated the technique of a criminal, the more likely a victim is to be exposed to voice phishing.

Phishing Attack Detection Using Deep Learning

  • Alzahrani, Sabah M.
    • International Journal of Computer Science & Network Security / v.21 no.12 / pp.213-218 / 2021
  • This paper proposes a technique for detecting a significant threat that attempts to get sensitive and confidential information such as usernames, passwords, credit card information, and more to target an individual or organization. By definition, a phishing attack happens when malicious people pose as trusted entities to fraudulently obtain user data. Phishing is classified as a type of social engineering attack. For a phishing attack to happen, a victim must be convinced to open an email or a direct message [1]. The email or direct message will contain a link that the victim will be required to click on. The aim of the attack is usually to install malicious software or to freeze a system. In other instances, the attackers will threaten to reveal sensitive information obtained from the victim. Phishing attacks can have devastating effects on the victim. Sensitive and confidential information can find its way into the hands of malicious people. Another devastating effect of phishing attacks is identity theft [1]. Attackers may impersonate the victim to make unauthorized purchases. Victims also complain of loss of funds when attackers access their credit card information. The proposed method has two major subsystems: (1) data collection: different websites were collected as big data corresponding to normal and phishing datasets, and (2) a distributed detection system: different artificial algorithms are used: a neural network algorithm and machine learning. The Amazon cloud was used for running the cluster with different cores of machines. The experimental results of the proposed system achieved very good accuracy and detection rate as well.

A Study on Countermeasures through Messenger Phishing Experience Analysis (메신저피싱 경험사례 분석을 통한 대응방안 연구)

  • Nam, Sowon;Lee, Haksun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.791-805 / 2022
  • In recent years, the number of scams related to voice phishing has been on the decline, but the number of messenger phishing attacks, a new type of crime, is increasing. In this study, by analyzing SNS posts containing messenger phishing cases, criminal trends in the main methods, impersonation of a trusted relative and fake payment, were identified. Through the analysis, the main words and patterns composing the messages and the similarity and continuity of the phone numbers used were derived as criminal attributes, and criminal organizations were grouped. As a result of the analysis, we propose a cooperative system to prevent damage from messenger phishing by disseminating the criminal information collected by investigative agencies to private operators, and a plan to respond to messenger phishing predicted through the grouping of criminal organizations.

Forecasting the Occurrence of Voice Phishing using the ARIMA Model (ARIMA 모형을 이용한 보이스피싱 발생 추이 예측)

  • Jung-Ho Choo;Yong-Hwi Joo;Jung-Ho Eom
    • Convergence Security Journal / v.22 no.3 / pp.79-86 / 2022
  • Voice phishing is a cyber crime in which fake financial institutions, the Public Prosecutor's Office, and the National Police Agency are impersonated to find out an individual's certification number and credit card number or to withdraw a deposit. Recently, voice phishing has been carried out in a subtle and secret way. Analyzing the trend of voice phishing that occurred in '18~'21, it was found that the trend shows seasonality, with occurrences rising rapidly at times when the movement of money intensifies, which introduces ambiguity into time series analysis. In this research, we adjusted for seasonality using the X-12 seasonality adjustment methodology for accurate prediction of voice phishing occurrence trends, and predicted the occurrence of voice phishing in 2022 using the ARIMA model.

Password-Based Mutual Authentication Protocol Against Phishing Attacks (피싱 공격에 대응하기 위한 패스워드 기반의 상호 인증 프로토콜)

  • Kim, Iksu;Choi, Jongmyung
    • KIPS Transactions on Computer and Communication Systems / v.7 no.2 / pp.41-48 / 2018
  • Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method collects URL information of phishing sites in advance and then detects phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method cannot detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed, but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe against phishing attacks. In the proposed protocol, mutual authentication between the client and the server is performed through an authentication message that includes the password information. The proposed protocol is safe against eavesdropping attacks because the authentication message uses the hash value of the password, not the original password, and it is safe against replay attacks because different messages are used for every authentication. In addition, since mutual authentication is performed, it is safe against man-in-the-middle attacks. Finally, the proposed protocol does not require a key issuance process for authentication.