Abstract

Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to lead victims to reveal their personal, financial data by misdirecting them to the counterfeit website. This research paper presents a novel approach to combat the Phishing attacks. An approach is proposed where user will retrieve the one time password by SMS or by alternate email address. After receiving the one time password the web server will create an encrypted token for the user's computer/device for authentication. The encrypted token will be used for identification, any time user wishes to access the website he/she must request the new password. The one time password as name implies will expire after single use. The one time password and encrypted token is a smart way to tackle this problem.

References

• Why Phish Should Not Be Treated as Spam By Norman M. Sadeh and Ph. D. http://www. drdobbs. com/security/why-phish-should-not-be-treated-as-spam/240001777, published May 18, 2012
• Anti Phishing Working Group. Origins of the word "phishing". http://www. antiphishing/org/word_phish. html. Accessed: March 10, 2012
• Computerworld QuickStudy: Phishing By Russell Kay, http://www. computerworld. com/s/article/89096/Phishing Accessed: 27 March 2013
• Koprowski, Gene J. , "Beware of 'Spoofing' Scams," UPI Technology News, January 2004.
• RSA's January 2013 Online Fraud Report, http://brianpennington. co. uk/2013/01/30/rsas-january-online-fraud-report-2013-including-an-excellent-summary-of-phishing-in-2012/
• CSI ONSITE - Phishing techniques, Clone Phishing - http://www. csionsite. com/2012/phishing/ Published: March 12, 2012
• Clone Phishing - Phishing from Wikipedia, the free encyclopedia, http://en. wikipedia. org/wiki/Phishing Accessed: 20 February 2013 at 14:42
• Cert Carnegie Mellon University, Spoofed Email, http://www. cert. org/tech_tips/email_spoofing. html Accessed: March 10, 2012
• Princeton University, Department of Computer Science, http://sip. cs. princeton. edu/WebSpoofing Accessed: 09 March 2013
• Toni McConnel, Security Sentinel Website Spoofing 101 http://www. iapplianceweb. com/story/oeg20031028s0033. htm Accessed: 09 March 2013
• Email spoofing From Wikipedia, the free encyclopedia http://en. wikipedia. org/wiki/Email_spoofing Accessed: March 11, 2012
• Posted by Margaret Rouse, Security: Email spoofing, http://searchsecurity. techtarget. com/definition/email-spoofing Accessed: March 12, 2012
• System. Security. Cryptography. X509Certificate, X509Certificate2 Class, http://msdn. microsoft. com/en-us/library/system. security. cryptography. x509certificates. x509certificate2. aspx Accessed 06 March 2013
• CAPTCHA: Telling Humans and Computers Apart Automatically, http://www. captcha. net, Accessed 07 March 2013
• A White Paper presented by FraudWatch International, the Internet's high profile Fraud Prevention Web Site. http://www. fraudwatchinternational. com, Accessed: March 10, 2012