Original Phishing Seminar


A TECHNICAL SEMINAR REPORT

ON

PHISHING

In partial fulfillment of the requirements for the award of the degree of


BACHELOR OF TECHNOLOGY IN
COMPUTER SCIENCE AND ENGINEERING

By

Student Name: Nithish Mode
Roll No: 17641A0515

VAAGDEVI COLLEGE OF ENGINEERING

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

UGC AUTONOMOUS
(Accredited by NBA, Accredited by NAAC with “A”)
Bollikunta, Warangal, Telangana-506001 (2020-2021)

CERTIFICATE

This is to certify that the Technical Seminar work entitled “PHISHING” is a bonafide work done by NITHISH MODE (17641A0515) in the Department of Computer Science and Engineering, Vaagdevi College of Engineering, Bollikunta (approved by AICTE and permanently affiliated to JNTUH), in partial fulfillment of the requirements for the award of the degree of Bachelor of Technology in the specialization Computer Science and Engineering.

Guide: Dr. Ayesha Banu

Head of the Department: Dr. V. JANAKI, PROFESSOR & H.O.D
INDEX

S.No Content

1 Introduction
2 Phishing life cycle
3 Types of Phishing
   1. Email Phishing
   1.1. Spear Phishing
   1.2. Whaling and CEO fraud
   1.3. Clone Phishing
   2. Voice Phishing
   3. SMS Phishing
   4. Page Hijacking
4 Techniques
   i. Link Manipulation
   ii. Filter Evasion
   iii. Social Engineering
5 Implementation / Working
6 Result
7 Applications
   i. Avast Online Security
   ii. Netcraft
8 Scope of the Project
9 Conclusion
INTRODUCTION

In the field of computer security, Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes.

There are many variations on this scheme. It is possible to phish for other information in addition to usernames and passwords, such as credit card numbers, bank account numbers, social security numbers and mothers’ maiden names. Phishing presents direct risks through the use of stolen credentials and indirect risk to institutions that conduct business online through erosion of customer confidence. The damage caused by Phishing ranges from denial of access to e-mail to substantial financial loss.

This report is also concerned with anti-phishing techniques. There are several different techniques to combat Phishing, including legislation and technology created specifically to protect against Phishing. No single technology will completely stop Phishing. However, a combination of good organization and practice, proper application of current technologies and improvements in security technology has the potential to drastically reduce the prevalence of Phishing and the losses suffered from it. Anti-Phishing software and computer programs are designed to prevent the occurrence of Phishing and trespassing on confidential information. Anti-Phishing software is designed to track websites and monitor activity; any suspicious behavior can be automatically reported and even reviewed as a report after a period of time.

This report also covers detecting Phishing attacks, how to prevent and avoid being scammed, how to react when you suspect or discover a Phishing attack, and what you can do to help stop Phishers.
Phishing life cycle

A fake webpage generally contains a login form, and when a user opens the fake webpage and inputs personal information, this information is accessed by the attacker. Furthermore, the attackers use this information for personal and financial gain [12]. The following steps are involved in the life cycle of a phishing attack:

Step 1: The attacker copies the content from the website of a well-known company or a bank and creates a phishing website. The attacker keeps the phishing website visually similar to the corresponding legitimate website to attract more users.

Step 2: The attacker writes an email that includes the link to the phishing website and sends it to a large number of users. In the case of spear phishing, the mail is sent only to selected, targeted users.

Step 3: The user opens the email and visits the phishing website. The phishing website asks the user to input personal information; for example, if the attacker mimics the website of a well-known bank, then the users of that bank are very likely to give up their credentials to the fake website.

Step 4: The attacker gets the personal information of the user via the fake website and uses it for financial or other benefits.
TYPES OF PHISHING

1. Email phishing.

1.1 Spear phishing.

1.2 Whaling and CEO fraud.

1.3 Clone phishing.

2. Voice phishing.

3. SMS phishing.

4. Page hijacking.

1. Email phishing
Most phishing messages are delivered by email, and are not personalized or targeted to a
specific individual or company–this is termed "bulk" phishing. The content of a bulk phishing
message varies widely depending on the goal of the attacker–common targets for impersonation
include banks and financial services, email and cloud productivity providers, and streaming
services. Attackers may use the credentials obtained to directly steal money from a victim,
although compromised accounts are often used instead as a jumping-off point to perform other
attacks, such as the theft of proprietary information, the installation of malware, or the spear
phishing of other people within the target's organization. Compromised streaming service
accounts are usually sold directly to consumers on darknet markets.

• Harvesting information:

The cyber attacker’s goal is to fool you into clicking on a link that takes you to a website that asks for your login and password, or perhaps your credit card or ATM number. These websites look legitimate, with exactly the same look, imagery and feel of your online bank or store, but they are fake websites designed by the cyber attacker to steal your information.

• Infecting your computer with malicious links:

Once again, the cyber attacker’s goal is for you to click on a link. However, instead of harvesting your information, their goal is to infect your computer. If you click on the link, you are directed to a website that silently launches an attack against your computer that, if successful, will infect your system.

• Infecting your computer with malicious attachments:

These are phishing emails that have malicious attachments, such as infected PDF files or
Microsoft Office documents. If you open these attachments they attack your computer and, if
successful, give the attacker complete control.

• Scams:

These are attempts by criminals to defraud you. Classic examples include notices that
you’ve won the lottery, charities requesting donations after a recent disaster or a dignitary that
needs to transfer millions of dollars into your country and would like to pay you to help them
with the transfer. Don’t be fooled, these are scams created by criminals who are after your
money.
PROTECTING YOURSELF

In most cases, simply opening an email is safe. For most attacks to work you have to do
something after reading the email (such as opening the attachment, clicking on the link or
responding to the request for information). Here are some indications if an email is an attack:

• Be suspicious of any email that requires “immediate action” or creates a sense of urgency. This is a common technique used by criminals to rush people into making a mistake.

• Be suspicious of emails addressed to “Dear Customer” or some other generic salutation. If it is your bank they will know your name.

• Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them.

• Do not click on links. Instead, copy the URL from the email and paste it into your
browser. Even better is to simply type the destination name into your browser.

• Hover your mouse over the link. This will show you the true destination where you would go if you actually clicked on it. If the true destination of the link is different from what is shown in the email, this may be an indication of fraud.

• Be suspicious of attachments and only open those that you were expecting.

• Just because you got an email from your friend does not mean they sent it. Your friend’s computer may have been infected or their account may have been compromised, and malware is sending the email to all of your friend’s contacts. If you get a suspicious email from a trusted friend or colleague, call them to confirm that they sent it. Always use a telephone number that you already know or can independently verify, not one that was included in the message.

If after reading an email you think it is a phishing attack or scam, simply delete the email.
Ultimately, using email safely is all about common sense. If something seems suspicious or too
good to be true, it is most likely an attack. Simply delete the email.
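The indicators listed above can also be checked programmatically. The following Python script is an added example (not part of the original report): it scores a constructed sample message for urgency wording, a generic salutation, link text that disagrees with the real href, and risky attachment types. The phrase lists, the extension list and the sample email are assumptions made for this example.

```python
"""Heuristic phishing-indicator check for an email message.

Scores a raw RFC 822 message against the warning signs listed above: urgency
wording, a generic salutation, link text that disagrees with the real href,
and unexpected attachment types. Phrase lists, extensions and the sample
message are assumptions constructed for this example.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY_PHRASES = ("immediate action", "urgent", "within 24 hours",
                   "will be suspended", "verify now")            # assumed list
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear valued customer",
                       "dear account holder")                   # assumed list
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".zip", ".docm", ".xlsm")


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url_or_text):
    """Lowercase host of a URL; bare hostnames such as www.bank.example are accepted."""
    candidate = url_or_text if "://" in url_or_text else "http://" + url_or_text
    try:
        return (urlparse(candidate).hostname or "").lower()
    except ValueError:          # anchor text that is not URL-like at all
        return ""


def analyse_email(raw):
    """Return a list of human-readable indicators found in the raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    text_parts, attachments = [], []
    for part in msg.walk():
        if part.is_attachment():
            attachments.append(part.get_filename() or "")
        elif part.get_content_type() in ("text/plain", "text/html"):
            text_parts.append(part.get_content())
    body = "\n".join(text_parts)
    lowered = (str(msg.get("subject", "")) + "\n" + body).lower()

    indicators = []
    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            indicators.append(f"urgency wording: '{phrase}'")
    for salutation in GENERIC_SALUTATIONS:
        if salutation in lowered:
            indicators.append(f"generic salutation: '{salutation}'")

    # The "hover over the link" check, done programmatically: if the visible
    # text looks like an address, its host must match the host in href.
    collector = _LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        shown = _host(text)
        if "." in shown and shown != _host(href):
            indicators.append(f"link text shows {shown} but points to {_host(href)}")

    for name in attachments:
        if name.lower().endswith(RISKY_EXTENSIONS):
            indicators.append(f"risky attachment: {name}")
    return indicators


# Constructed sample: a bulk phishing mail impersonating a bank at yourbank.example
SAMPLE_EMAIL = """\
From: YourBank Security <alerts@yourbank-secure.example>
To: customer@mail.example
Subject: Immediate action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Unusual activity was detected. Your account will be suspended unless you
confirm your details within 24 hours:</p>
<a href="http://www.yourbank.example.com/secure">https://www.yourbank.example/secure</a>
</body></html>
--sep
Content-Type: application/zip; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"

placeholder-not-a-real-archive
--sep--
"""

if __name__ == "__main__":
    for line in analyse_email(SAMPLE_EMAIL):
        print("-", line)
```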

1.1 Spear phishing

Spear phishing is an attempt to entice a specifically targeted victim to open a malicious
attachment or visit a malicious website with the intent of gaining insight into confidential data
and/or acting on nefarious objectives against the victim’s organization. A common tactic used by
an attacker is a spoofed email address designed to look like it’s coming from a source that is
trusted by the victim. Reconnaissance and social engineering tactics may also help produce
content and wording that makes the delivery email more believable to the victim.

A Typical Attack Scenario

A common tactic used in spear phishing campaigns is delivery of a malicious file as an email attachment. The attachment is often a common file format (zip, rtf, doc, xls) with an embedded executable or exploit that serves to provide the attacker a foothold in the environment. One common delivery mechanism is an executable file embedded within an obfuscated zip.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

This is how it works: An email arrives, apparently from a trustworthy source, but instead
it leads the unknowing recipient to a bogus website full of malware. These emails often use
clever tactics to get victims' attention. For example, the FBI has warned of spear phishing scams
where the emails appeared to be from the National Center for Missing and Exploited Children.
Many times, government-sponsored hackers and hacktivists are behind these attacks.
Cybercriminals do the same with the intention to resell confidential data to governments and
private companies. These cybercriminals employ individually designed approaches and social
engineering techniques to effectively personalize messages and websites. As a result, even high-
ranking targets within organizations, like top executives, can find themselves opening emails
they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to
attack their networks.

How to Protect Yourself

Traditional security often doesn't stop these attacks because they are so cleverly customized. As a result, they're becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments and even nonprofit organizations. With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial of service attacks.

Attachments contained within spear phishing emails will appear as a common file type such as .rtf or .pdf. When the attachment is opened, embedded malicious software is executed that is designed to compromise the target’s IT device.

1.2 Whaling and CEO fraud


Whaling, also known as CEO fraud, is a type of spear-phishing attack that targets specific high-
profile individuals: typically board members or those with access to corporate bank accounts. 

A whaling attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes. Also known as CEO fraud, whaling is similar to phishing in that it uses methods such as email and website spoofing to trick a target into performing specific actions, such as revealing sensitive data or transferring money. There have been multiple instances of organizations losing tens of millions of dollars to such attacks. https://www.knowbe4.com/ceo-fraud

Whereas phishing scams target non-specific individuals and spear-phishing targets particular
individuals, whaling doubles down on the latter by not only targeting those key individuals, but
doing so in a way that the fraudulent communications they are sent appear to have come from
someone specifically senior or influential at their organization. Think of them as "big phish" or
"whales" at the company, such as the CEO or finance manager. This adds an extra element of
social engineering into the mix, with staff reluctant to refuse a request from someone they deem
to be important.

The threat is very real and growing all the time. In 2016, the payroll department at Snapchat
received a whaling email seemingly sent from the CEO asking for employee payroll information.
Last year, toy giant Mattel fell victim to a whaling attack after a top finance executive received
an email requesting a money transfer from a fraudster impersonating the new CEO. The
company almost lost $3 million as a result.

As mentioned earlier, whaling differs from spear-phishing in that fraudulent communications appear to have come from someone senior. These attacks can be made all the more believable when cybercriminals use significant research that utilizes openly available resources such as social media to craft a bespoke approach that's tailored for those target individuals.

This could include an email that seems to be from a senior manager and could include a reference to something that an attacker may have gleaned online, for example, when they’ve seen said person on some social media images of the office Christmas party: ‘Hi John, it’s Steve again – you were pretty drunk last Thursday! Hope you managed to get that beer stain out of your red shirt!’

In addition, the sender's email address typically looks like it's from a believable source and may even contain corporate logos or links to a fraudulent website that has also been designed to look legitimate. Because a whale's level of trust and access within their organization tends to be high, it's worth the time and effort for the cybercriminal to put extra effort into making the endeavor seem believable.

Defending against whaling attacks starts with educating key individuals within your organization to ensure they are routinely on guard about the possibility of being targeted. Encourage key staff members to maintain a healthy level of suspicion when it comes to unsolicited contact, especially when it pertains to important information or financial transactions. They should always ask themselves: Was I expecting this email, attachment or link? Is the request unusual in any way?
1.3 Clone phishing

In clone phishing, the attacker clones a genuine or legitimate email that you might have received from an authentic sender, but sends it from a spoofed email id. The attacker creates an email that is identical to a genuine email that he has intercepted, or that was part of a previous message exchanged between the receiver and the sender. This email copy contains malicious content, such as a link that, when clicked, leads to the installation of malware on your system.

Thus, the main difference between this type of phishing and other kinds is that an original, existing email is duplicated.

How does this form of phishing happen? The email copy is sent containing malicious links or attachments. The attacker just waits for the recipient to click on the links, because doing so leads to a sure-shot trap. The hacker watches out for the victims who click it. When a victim successfully falls for the cloned email, the hacker forwards the same forged email to the contacts from the victim’s inbox.

Research points out that between October 2017 and March 2018, the number of cloned websites was up by 73.8%. Of this, about 48.6% were sites that used .com.
WHAT ARE THE CRITICAL FEATURES OF CLONE PHISHING?

• There is a duplicate copy of a genuine email.
• The email contains links and attachments that are malicious in nature.
• The email id is false, though it will appear to be legitimate.
• The clone email is usually made to appear like part of existing email correspondence. So, you could receive it as a reply to the original message or as an updated version.

Clone phishing is so harmful because users generally do not doubt or distrust such emails and usually have no way of recognizing a spoofed email id or a duplicated email.
EXAMPLES – CLONE PHISHING

Here are a few examples of the kinds of messages used in clone phishing:

• Messages with a headline saying that a discount or credit offer lapses before a specific date.
• Wording such as ‘Click here to get your refund or credit’.
• ‘Hurry, your credit is about to expire’.
• A virus warning that appears to be a hoax.
• An invitation to click on a link, saying ‘click on this link’ or ‘here is the invite’.
• An email that promises rewards: it mentions an amount of money or a coupon card and then asks the user to click on the link to claim the reward. To create urgency, a date is mentioned by which the user needs to click the link to avail of the offer.

Clone phishing goes a step beyond spear phishing in getting past the recipient’s suspicions. This attack has the following characteristics:

• A spoofed email address will appear to have come from a legitimate source.
• The attached file or link in the email is replaced with a malicious version.
• The cloned email will claim to be a reply to the original email or an updated version of it.

Users assume that the websites or domains they interact with are safe. But in reality, hackers trick users by impersonating domains and cloning websites. This is why the clone phishing attack is considered the most harmful one: it is hard for victims to suspect a spoofed email.
2. Voice phishing

Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Attackers will dial a large quantity of telephone numbers and play automated recordings, often made using text-to-speech synthesizers, that make false claims of fraudulent activity on the victim's bank accounts or credit cards. The calling phone number will be spoofed to show the real number of the bank or institution impersonated. The victim is then directed to call a number controlled by the attackers, which will either automatically prompt them to enter sensitive information in order to "resolve" the supposed fraud, or connect them to a live person who will attempt to use social engineering to obtain information. Voice phishing capitalizes on the lower awareness among the general public of techniques such as caller ID spoofing and automated dialing, compared to the equivalents for email phishing, and thereby on the inherent trust that many people have in voice telephony.

Landline telephone services have traditionally been trustworthy: calls terminated in physical locations known to the telephone company and were associated with a bill-payer. Now, however, vishing fraudsters often use modern Voice over IP (VoIP) features such as caller ID spoofing and automated systems (IVR) to impede detection by law enforcement agencies. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker; however, some use live callers. Posing as an employee of a legitimate body such as a bank, the police, or a telephone or internet provider, the fraudster attempts to obtain personal details and financial information regarding credit cards and bank accounts (e.g. the PIN), as well as personal information about the victim. With the received information, the fraudster might be able to access and empty the account or commit identity fraud. Some fraudsters may also try to persuade the victim to transfer money to another bank account or withdraw cash to be given to them directly. Callers also often pose as law enforcement or as an Internal Revenue Service employee. Scammers often target immigrants and the elderly, who are coerced to wire hundreds to thousands of dollars in response to threats of arrest or deportation.

Bank account data is not the only sensitive information being targeted. Fraudsters sometimes also try to obtain security credentials from consumers who use Microsoft or Apple products by spoofing the caller ID of Microsoft or Apple Inc.

Audio deepfakes have been used to commit fraud, by fooling people into thinking they
are receiving instructions from a trusted individual.

3. SMS phishing

SMS phishing, or smishing, is conceptually similar to email phishing, except that attackers use cell phone text messages to deliver the 'bait'. Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services. Furthermore, due to the nature of mobile browsers, URLs may not be fully displayed; this may make it more difficult to identify an illegitimate logon page. As the mobile phone market is now saturated with smartphones which all have fast internet connectivity, a malicious link sent via SMS can yield the same result as it would if sent via email. Smishing messages may come from telephone numbers that are in a strange or unexpected format.

Smishing, or SMS phishing, is the act of committing text message fraud to try to lure victims
into revealing account information or installing malware. Similar to phishing, cybercriminals use
smishing, the fraudulent attempt to steal credit card details or other sensitive information, by
disguising as a trustworthy organization or reputable person in a text message.

With smishing, cybercriminals use a text message to try to get potential victims to give out personal information. The text message, which typically contains a link to a fake website that looks identical to the legitimate site, asks the recipient to enter personal information. Fake information is often used to make the texts appear to be from a legitimate organization or business.

Smishing has grown in popularity with cybercriminals now that smartphones are widely used, as it enables them to steal sensitive financial and personal information without having to break through the security defenses of a computer or network. Public awareness about phishing, smishing and other attacks continues to grow, as many incidents are reported on in the news.

SMS phishing, or “Smishing,” is a mobile phishing attack that targets victims via the
SMS messaging channel rather than through email. A natural evolution of the phishing
phenomenon, smishing attacks attempt to dupe mobile users with phony text messages
containing links to legitimate looking, but fraudulent, sites. These smishing sites try to steal
credentials, propagate mobile malware, or perpetrate fraud.

Though smishing has crept into users' text messaging streams for over a decade now, the
technique has long flown under the radar with relatively small global attack volumes over the
years. However, that's changing as cybercriminals seek to profit off of today's mobility and
remote work trends.

Approximately 81% of organizations say their users faced at least some level of smishing attacks in 2019. Right before COVID-19 hit, smishing volume was already on the uptick. Between the last quarter of 2019 and the first quarter of 2020, mobile phishing attacks, including smishing, rose by 37%. As the lockdown era spurs on a wave of remote work and increased reliance on mobile devices, smishing numbers continue to climb. One study reported a 29% growth in smishing between March and July 2020.

"On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before," says IDC's Phil Hochmuth. "In a mobile-first world, with remote work becoming the norm, proactive defense against these attacks is critical."

Common types of Smishing attacks

The allure of smishing to the cybercriminal community has obviously grown stronger due to a greater prevalence of text messaging in mobile users' lives in recent years. However, the bad guys are arguably even more drawn to smishing due to the differences in how users interact with SMS messaging compared to email.

The sense of urgency is higher for text messages and their open rates are considerably
higher than email. According to MobileMarketer.com, while email recipients only open about
20% of their messages, SMS recipients open 98% of their texts.

Consequently, big brands are increasingly using text messages rather than email for
things like marketing messages, shipping verification, and account notifications. Added to the
mix is the preference for SMS as a channel for multi-factor authentication, meaning that many
mobile users have been habituated to interact with text messages in some way or other during the
login process of many of their cloud, retail, and banking accounts.

All of this creates a prime breeding ground for smishing attackers to perpetrate their
fraud, as users are highly engaged with and very likely to act quickly on most text messages that
come their way. The bad guys take advantage of that sense of immediacy and tailor the attacks to
mimic the various ways that brands regularly interact with customers via SMS.

4. Page hijacking

Page hijacking involves compromising legitimate web pages in order to redirect users to a malicious website or an exploit kit via cross site scripting. A hacker may compromise a website and insert an exploit kit such as MPack in order to compromise legitimate users who visit the now compromised web server. One of the simplest forms of page hijacking involves altering a webpage to contain a malicious inline frame which can allow an exploit kit to load. Page hijacking is frequently used in tandem with a watering hole attack on corporate entities in order to compromise targets.

Page hijacking is also a technical form of redirecting Web traffic that exploits certain glitches in search engines. In this sense, page hijacking involves creating a site that roughly duplicates the content of an existing site, then gaming search engine ranking systems to make sure that the second, duplicated site gets more recognition than the original. The goal in page hijacking is to make the second page more prominent than the first.

Less often, page hijacking can also refer to when the owner or creator of a page loses
control of that page, as in certain social media situations.

Page hijacking may also be called 203 hijacking.

Page hijacking also covers the various ways in which a user is covertly redirected to a different website. For example, "home page" hijacking refers to changing the default address of the home page in the user's browser. When the browser is launched, it goes to that Web page.

"Browser hijacking" also refers to changing the home page as well as adding shortcuts to the Favorites menu or lowering security settings. These changes can be made using JavaScript or an Active.

Another form of page hijacking is copying a popular Web page from its original site to a third-party site so that it becomes indexed by search engines. After the links have been established, the content of the page is changed to reflect its real purpose, or it may redirect the user to a different site.
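A site owner can catch the injected inline frame described above by scanning their own pages for frames that are both hidden and loaded from another host. The script below is an added example, not code from the report; the sample page, the host names and the hiding heuristics are assumptions made for this example.

```python
"""Spot injected hidden inline frames in a web page (page-integrity check).

Flags an iframe that loads a third-party host while being hidden from the
visitor (zero size, display:none, visibility:hidden or positioned off-screen),
which is the "malicious inline frame" form of page hijacking. The sample page,
host names and the size/style heuristics are assumptions made for this example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px", re.I)


class _FrameCollector(HTMLParser):
    """Collect the attribute dict of every iframe/frame tag."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            self.frames.append(dict(attrs))


def _is_hidden(attrs):
    """True when the frame is sized away or styled so the visitor cannot see it."""
    def tiny(value):
        return value is not None and value.strip().rstrip("px").strip() in ("0", "1")
    style = attrs.get("style") or ""
    return (tiny(attrs.get("width")) or tiny(attrs.get("height"))
            or "hidden" in attrs or bool(HIDDEN_STYLE.search(style)))


def find_hidden_frames(html, page_host):
    """Return (src, reason) for each frame that is both hidden and loads another host."""
    collector = _FrameCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.frames:
        src = attrs.get("src") or ""
        # A relative src stays on the page's own host; "//host/..." and absolute URLs do not
        src_host = (urlparse(src).hostname or page_host).lower()
        if src_host != page_host.lower() and _is_hidden(attrs):
            findings.append((src, "hidden frame loading third-party host " + src_host))
    return findings


# Constructed sample: a news page into which two hidden frames have been injected
SAMPLE_PAGE = """
<html><body>
<h1>Example Corp news</h1>
<iframe src="/player/video" width="640" height="360"></iframe>
<iframe src="http://loader.invalid/load.php" width="0" height="0" style="display:none"></iframe>
<iframe src="//counter.invalid/p" style="position:absolute; left:-9999px"></iframe>
<iframe src="https://maps.example/embed" width="400" height="300"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reason in find_hidden_frames(SAMPLE_PAGE, "www.example.com"):
        print(reason, "->", src)
```

The visible third-party map embed is not reported, so the check focuses on frames a visitor could not have been meant to see.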
TECHNIQUES

2.1 Link manipulation

Most types of phishing use some form of technical deception designed to make a link in
an email appear to belong to the organization the attackers are impersonating. Misspelled
URLs or the use of subdomains are common tricks used by phishers. In the following example
URL,  http://www.yourbank.example.com/ , it can appear to the untrained eye as though the URL
will take you to the example section of the yourbank website; actually this URL points to the
"yourbank" (i.e. phishing) section of the example website. Another common trick is to make the
displayed text for a link suggest a reliable destination, when the link actually goes to the
phishers' site. Many desktop email clients and web browsers will show a link's target URL in the
status bar while hovering the mouse over it. This behavior, however, may in some circumstances
be overridden by the phisher. Equivalent mobile apps generally do not have this preview feature.

Internationalized domain names (IDNs) can be exploited via IDN spoofing or homograph attacks to create web addresses visually identical to a legitimate site that lead instead to a malicious version. Phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain. Even digital certificates do not solve this problem, because it is quite possible for a phisher to purchase a valid certificate and subsequently change content to spoof a genuine website, or to host the phish site without SSL at all.

Another common spoofing trick is when thieves buy up variations or misspellings of popular domain names and use them to create fake websites that fool visitors – this is also referred to as typosquatting or URL hijacking. In the early days of the web, URLs were cumbersome to remember and expensive to own; as the Internet grew in popularity, domains became cheaper and more user-friendly. This made it easier for both companies and web surfers, but also opened the door to fraud.

In 2003, it was reported that hackers began to take advantage of the availability of domain names by buying up lookalikes like yahoo-billing.com and ebay-fullfillment.com. They then used these pseudo links in some of the first large-scale email phishing attacks.

Typosquatting is technically illegal; however, that hasn’t stopped these fraudsters from
registering thousands of typosquatting domains  in the U.S. Google was an early target and
victim of such schemes. In 2005, they won the rights to googkle.com, ghoogle.com and
gooigle.com, which were bought by a Russian hacker. (Ironically, Google itself has been
accused of profiting from typosquatters. A 2010 study conducted by Harvard Professor Ben
Edelman found that 57% of typosquat domains he investigated had some form of Google
AdSense ads, which he estimated netted the company $497 million per year.)
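As an added example (not part of this report), the following Python check decodes punycode, maps a few confusable Cyrillic and Greek letters to the Latin letters they imitate, and flags homograph, brand-combination and typosquat domains against a brand list. The brand list and the confusables table are assumptions constructed for illustration; a real deployment would use the full Unicode confusables data.

```python
import unicodedata

# Brand names to protect (constructed list for this example).
PROTECTED_BRANDS = {"google", "yahoo", "ebay", "apple", "paypal"}

# Hand-picked subset of Unicode confusables: non-Latin letters that render
# like Latin ones, mapped to the Latin letter they imitate.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u04cf": "l", "\u0455": "s",
    "\u0458": "j", "\u04bb": "h", "\u03bf": "o", "\u03b1": "a", "\u03c1": "p",
})

def to_unicode(domain: str) -> str:
    """Decode an xn-- (punycode) domain to the characters the user sees."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain          # already contains non-ASCII characters

def skeleton(label: str) -> str:
    """Reduce a label to the ASCII string it visually resembles."""
    decomposed = unicodedata.normalize("NFKD", label)
    no_marks = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return no_marks.translate(CONFUSABLES).lower()

def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one- or two-keystroke typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain: str) -> str:
    """Return 'legit', 'homograph', 'brand-combo', 'typosquat' or 'unknown'.
    Assumes a single-label public suffix (.com, .net), so the second-level
    label is the one that carries the brand."""
    labels = to_unicode(domain).lower().rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    skel = skeleton(sld)
    if skel in PROTECTED_BRANDS:
        return "legit" if sld == skel else "homograph"   # looks right, is not
    if set(skel.split("-")) & PROTECTED_BRANDS:
        return "brand-combo"                             # yahoo-billing.com style
    if any(levenshtein(skel, brand) <= 2 for brand in PROTECTED_BRANDS):
        return "typosquat"                               # googkle.com style
    return "unknown"
```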

2.2 Filter evasion

Phishers have sometimes used images instead of text to make it harder for anti-phishing
filters to detect the text commonly used in phishing emails. In response, more sophisticated anti-
phishing filters are able to recover hidden text in images using optical character
recognition (OCR).

With hundreds of ways of evading filters and new vectors appearing all the time, it’s
clear that filtering alone is not the solution. Filters don’t prevent XSS attacks but merely
eliminate a narrow subset of code patterns or behaviors that may be attack attempts. In effect,
filtering is solving the wrong problem by trying to prevent any calls that load malicious code
instead of blocking the code itself. This is part of the reason why browser vendors are
increasingly moving away from filtering.

By writing secure code that is not susceptible to XSS attacks, developers can have far
more effect on application and user security than any filters. On the application level, this can be
achieved by correctly applying context-sensitive escaping and encoding. On the HTTP protocol
level, the main weapon against Cross-Site Scripting is the use of suitable HTTP security headers,
especially properly configured Content Security Policy (CSP) headers. And as ever, regularly
checking your applications using an enterprise-grade web vulnerability scanner is essential for
keeping your security up-to-date.
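The context-sensitive escaping and CSP header described above, as an added example that is not from this report: a vulnerable render function next to a hardened one that encodes the same untrusted input differently for the HTML text, URL and JavaScript contexts, and attaches a nonce-based Content Security Policy. The input strings are constructed for the test; the page layout is a hypothetical profile page.

```python
import html
import json
import secrets
from urllib.parse import quote

# Constructed attacker-controlled inputs used to exercise each context.
PAYLOAD_NAME = '"><script>alert(1)</script>'
PAYLOAD_URL = "javascript:alert(1)"

def render_unsafe(name: str, next_url: str) -> str:
    """Vulnerable version: untrusted input is pasted into three HTML contexts."""
    return (f"<h1>Hello, {name}</h1>"
            f'<a href="{next_url}">continue</a>'
            f'<script>var user = "{name}";</script>')

def render_safe(name: str, next_url: str):
    """Hardened version: each context gets the encoding that is correct for it,
    and the response carries a nonce-based CSP so that only the server's own
    inline script may run. Returns (page, headers)."""
    nonce = secrets.token_urlsafe(16)
    text_ctx = html.escape(name, quote=True)          # HTML body / attribute value
    url_ctx = "/go?u=" + quote(next_url, safe="")     # URL query parameter, no javascript: scheme
    js_ctx = (json.dumps(name)                        # JavaScript string literal
              .replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026"))
    page = (f"<h1>Hello, {text_ctx}</h1>"
            f'<a href="{url_ctx}">continue</a>'
            f'<script nonce="{nonce}">var user = {js_ctx};</script>')
    headers = {"Content-Security-Policy":
               f"default-src 'self'; script-src 'nonce-{nonce}'; object-src 'none'; base-uri 'none'"}
    return page, headers

def raw_payload_present(page: str, payload: str) -> bool:
    """True if the attacker's markup survived into the output unencoded."""
    return payload in page
```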

This article is focused on providing application security testing professionals with a guide
to assist in Cross Site Scripting testing. The initial contents of this article were donated to
OWASP by RSnake, from his seminal XSS Cheat Sheet, which was at: http://ha.ckers.org/xss.html.
That site now redirects to its new home here, where we plan to maintain and enhance it. The very
first OWASP Prevention Cheat Sheet, the Cross Site Scripting Prevention Cheat Sheet, was
inspired by RSnake’s XSS Cheat Sheet, so we can thank RSnake for our inspiration. We wanted
to create short, simple guidelines that developers could follow to prevent XSS, rather than simply
telling developers to build apps that could protect against all the fancy tricks specified in a
rather complex attack cheat sheet, and so the OWASP Cheat Sheet Series was born.

2.3 Social engineering

Most types of phishing involve some kind of social engineering, in which users are
psychologically manipulated into performing an action such as clicking a link, opening an
attachment, or divulging confidential information. In addition to the obvious impersonation of a
trusted entity, most phishing involves the creation of a sense of urgency - attackers claim that
accounts will be shut down or seized unless the victim takes an action.

An alternative technique to impersonation-based phishing is the use of fake news articles
designed to provoke outrage, causing the victim to click a link without properly considering
where it could lead. Once on the attacker's website, victims can be presented with imitation
"virus" notifications or redirected to pages that attempt to exploit web browser vulnerabilities to
install malware.

In the context of information security, social engineering is the psychological
manipulation of people into performing actions or divulging confidential information. This
differs from social engineering within the social sciences, which does not concern the divulging
of confidential information. A type of confidence trick for the purpose of information gathering,
fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a
more complex fraud scheme.

It has also been defined as "any act that influences a person to take an action that may or
may not be in their best interests."

An example of social engineering is the use of the "forgot password" function on most
websites which require login. An improperly-secured password-recovery system can be used to
grant a malicious attacker full access to a user's account, while the original user will lose access
to the account.

All social engineering techniques are based on specific attributes of human decision-
making known as cognitive biases. These biases, sometimes called "bugs in the human
hardware," are exploited in various combinations to create attack techniques, some of which are
listed below. The attacks used in social engineering can be used to steal employees' confidential
information. The most common type of social engineering happens over the phone. Other
examples of social engineering attacks are criminals posing as exterminators, fire marshals and
technicians to go unnoticed as they steal company secrets.

One example of social engineering is an individual who walks into a building and posts
an official-looking announcement to the company bulletin that says the number for the help desk
has changed. So, when employees call for help the individual asks them for their passwords and
IDs thereby gaining the ability to access the company's private information. Another example of
social engineering would be that the hacker contacts the target on a social networking site and
starts a conversation with the target. Gradually the hacker gains the trust of the target and then
uses that trust to get access to sensitive information like password or bank account details.

IMPLEMENTATION /WORKING:

• In this implementation part I am using the Kali Linux OS.

• To run Kali Linux on the same system we use Oracle VirtualBox.

• The image below is the desktop of Kali Linux.

Steps to create the phishing link to send to the victim

• Now open the Terminal.

• We have to get root privileges.

• To check the root directories, type “ls”.

• Now enter the directory with “cd SocialPhish”.

• Now run SocialPhish.sh.

• It displays a list of phishing tools.

• Choose an option number.

• Select the Ngrok server to run the phishing tool.

• After selecting the server it runs in the background and displays the temporary URL to
send to the victim.

• The victim believes the website is genuine and types the name and password of the
victim's account.

• At last the hacker knows the victim's username and password credentials.

RESULT

APPLICATIONS:

• No application gives a 100% result in detecting phishing pages or malicious content on a
website; it shows only 70% to 80% of the result.

1)Avast Online Security :

• Anti-phishing protection for your browser extension

• Avast Online Security checks each website you visit and warns you if it's unsafe or if it
simply has a bad reputation. All this is based on input from our community of 400
million users.

2) Netcraft :

• In the Netcraft browser extension we can see the details of the website.

• This provides the following information:

• Name, Email address, Contact telephone number, Company name, Hosting details.

• By using those website details we can decide (at about 65% certainty) whether it is the
original website.

• After that we can visit that website securely.


Scope of the Project

Though there are many phishing detection techniques, the scope of the project is limited to
feature-based phishing detection techniques. It extracts the discriminative features from the
websites which help in identifying the website class. In this process, rules play an important role
as they are easily understood by humans. The rules take the form IF condition THEN class
category, where the class category represents the category to which the website belongs. This
rule induction helps to facilitate the decision making process, which ensures reliability and
completeness.
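The rule-based, feature-driven detection described in this scope, as an added example (not code from this project): lexical features are extracted from a URL and a small ordered list of IF condition THEN class rules decides the class, reporting which human-readable rule fired. The feature set, thresholds and rules are assumptions chosen for illustration, and the test URLs are constructed.

```python
import re
from urllib.parse import urlparse

# Words that often appear in credential-harvesting URLs (constructed list).
SUSPECT_WORDS = ("login", "verify", "account", "update", "secure", "billing")

def extract_features(url: str) -> dict:
    """Discriminative lexical features of a URL, as a feature-based detector uses."""
    p = urlparse(url if "://" in url else "http://" + url)
    host = p.hostname or ""
    return {
        "ip_host": re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None,
        "at_sign": "@" in p.netloc,          # everything before '@' is ignored by browsers
        "url_len": len(url),
        "dots": host.count("."),             # deep subdomain chains hide the real domain
        "hyphen_host": "-" in host,
        "https": p.scheme == "https",
        "punycode": "xn--" in host,          # IDN label, possible homograph
        "suspect_word": any(w in url.lower() for w in SUSPECT_WORDS),
    }

# Each rule reads: IF <condition on the features> THEN <class category>.
RULES = [
    ("ip address used as host",        lambda f: f["ip_host"],                               "phishing"),
    ("'@' hides the real host",        lambda f: f["at_sign"],                               "phishing"),
    ("punycode host",                  lambda f: f["punycode"],                              "phishing"),
    ("many subdomains + suspect word", lambda f: f["dots"] >= 3 and f["suspect_word"],       "phishing"),
    ("long URL with suspect word",     lambda f: f["url_len"] > 75 and f["suspect_word"],    "phishing"),
    ("hyphenated host without https",  lambda f: f["hyphen_host"] and not f["https"],        "phishing"),
]

def classify(url: str):
    """Apply the rules in order; the first rule that fires decides the class.
    Returns (class, rule name) so an analyst can see why the decision was made."""
    f = extract_features(url)
    for name, condition, label in RULES:
        if condition(f):
            return label, name
    return "legitimate", "no rule fired"
```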

Conclusion:

• No single technology will completely stop phishing.

• The phishing attacks cause severe losses to companies, customers and web users.

• Social networking sites such as Facebook, Twitter and LinkedIn have been the victims of
phishing.

• However, there are anti-phishing tools available which can help users to detect phishing
attacks and prevent them.
