DESIGN AND IMPLEMENTATION OF AN ANTI PHISHING APPLICATION FOR THE END USER

Abstract

Seeking sensitive user data in form of online banking username and passwords or credit card information through a combination of social engineering and technical subterfuge from unsuspecting Internet users, which may then be used by 'phishers' for their own personal gain is the primary objective of the phishing e-mails. With the increase in the online trading activities, there has been a phenomenal increase in the phishing scams which have now started achieving monstrous proportions, causing losses to the tune of billions of dollars worldwide. In this dissertation we present an Anti-Phishing application designed to protect the end user from the threat of phishing attacks. A user is more likely to succumb to a phishing mail which apparently comes from an organization with which he has a relationship. Accordingly the application keeps track of the sites with which the user indulges in financial transactions and scans his e-mail account for mails which appear to have come from these institutions. Since the destination where a phishing email intends to lead the victim to is more dangerous than the email itself, we compare the source code of this destination web page against the source code of the home page and the login page of the institution the email claims to have come from. In case of a mismatch between the two pairs of source codes, the email is marked as a phishing email and a warning is generated about the same for the benefit of the user.