Phishing is a rapidly growing threat in cyber world and causing billions of dollars in damage every year to internet users. It is an unlawful activity which uses a group of
social engineering and technology to collect an Internet user’s sensitive information. The identification of phishing techniques can be performed in various methods of communications like email, instant messages, pop-up messages, or at web page level.
Over the period, a number of research articles have published with different techniques and procedures but have failed to detect all associated risks and provide a comprehensive solution.
While there is a common perception about the successful phishing attack involves creating an identical messages or website to deceive the internet user however this theory has not been utilized to evaluate this threat and investigate the gaps systematically. Our study attempts to evaluate this crime, review different research perspectives and approaches and investigate the gaps and furthermore proffer a working solution.
1.1 BACKGROUND OF THE STUDY
For any computer and internet users, it is important we keep information safe , secure and reduce to the barest minimum the instance of fraud that may arise in the course of visiting various websites.
Phishing is one problem that has been identified since the beginning of the internet age, and is one of the the more difficult to prevent and curtail.
Phishing is defined as a a cyber crime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
The first phishing lawsuit was filed in 2004 against a Californian teenager who created the imitation of the website “America Online”. With this fake website, he was able to gain sensitive information from users and access the credit card details to withdraw money from their accounts.
Other than email and website phishing, there’s also ‘vishing’ (voice phishing), ‘smishing’ (SMS Phishing) and several other phishing techniques cybercriminals are constantly coming up with. The study wants to focus on the various ways phishing can be done and possible solutions to them in form of a machine learning based software.
1.2 STATEMENT OF THE PROBLEM
Phishing has been described earlier as the fraudulent attempt to obtain sensitive data in order to commit crime. Phishing sites can be very difficult to detect by the ordinary user except such user knows the exact URL which can be really tedious to do.
In this case, we would craft an artificially intelligent machine learning system to do this detection to near perfect accuracy.
1.3 MOTIVATION OF THE STUDY
This study was motivated by the multiple millions of dollars that have been lost due to fraudsters operating fake versions of data collection websites and the need for a safer internet experience as we progress in the internet and communication age.
1.4 AIMS AND OBJECTIVES OF THE STUDY
The aims and objectives of this system include;
- Developing a phishing detection system.
- Creating a reporting platform for other users of the platform to report fake websites in order to build the knowledge base.
- Studying previous work on the proposed topic and looking for ways to improve them.
- Optimizing the system.
- Implementing security standards with the system.
- Creating the system which can also give suggestions to guest users
1.5 OUTLINE OF METHODOLOGY
1.6 SCOPE OF THE STUDY
The scope of the system widens as time goes on. The system takes user feedback and adds it to the knowledge base. It also uses certain algorithms to detect fake websites especially websites that are often phished.
1.7 SIGNIFICANCE OF THE STUDY
The study bears significance in the sense that it can help at least reduce instances of people falling for fake websites that they may give their information to. It really helps for people who do not have all the time in the world to carefully identify exact URLs to verify the addresses.
1.8 OPERATIONAL DEFINITION OF TERMS
- PHISHING:Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information.
- CYBER CRIME: Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device. Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.
- URL: A URL, short for universal resource locator, includes the protocol (ex. HTTP, FTP), the domain name (or IP address), and additional path information (folder/file). On the Web, a URL may address a Web page file, image file, or any other file supported by the HTTP protocol.
1.9 ORGANIZATION OF THE PROJECT
The project is organized such that; Chapter One gives a brief introduction in form of the Background of the Study of a general overview of the concept of phishing and the combative methods against it. In Chapter Two, we have a broad look at the related implementations of anti-phishing systems. Chapter Three examines the System Architecture, the system design and analysis. Chapter Four presents the implementation of the project using necessary programming languages and development models. It also presents the result of testing carried out. Chapter Five rounds off the project work with the summary, conclusions and recommendations for future works.