Phishing and pharming attacks

This type of attack aims to obtain personal information (such as usernames, passwords, or credit card details) by impersonating an entity that the user trusts. These attacks are usually carried out through e-mail or social networking. In a phishing attack, the attacker sends a message containing a link to a web page that mimics the original page that the user trusts. Because an “educated” user can identify this type of attack simply by analyzing the URL contained in the link, another form of attack emerged: pharming. In this case, the attacker redirects traffic intended for the original page to a fake page by compromising the user’s system or the DNS service used by the victim.

These attacks are mostly aimed at committing electronic fraud. To counter them, companies offering e-banking solutions provide token authentication for customers. But these tokens are not enough in the face of more complex attacks that combine social engineering with DoS or DDoS attacks.

Below are the methods that users can use to protect against phishing. These methods are software-based and involve client-side installation of an application or plug-in that warns the user if they are about to access a phishing site. There are two types: list-based solutions and heuristic-based solutions.

1. List-based solutions.

List-based solutions use either blacklists (only sites on the list are blocked) or whitelists (only sites on the list are allowed) to block the user from accessing a phishing site.
This approach relies on the assumption that these lists are complete and current.
But this cannot always be true, because it takes some time before a phishing site is added to these lists, and most phishing sites have a very short lifetime.
Also, this type of protection cannot detect attacks targeted at a specific user or group of users.

2. Heuristic-based solutions.

Heuristic-based solutions try to identify patterns that are characteristic of phishing sites.
These patterns can be found in the URL of the page or within its HTML or JavaScript code.
With regard to pharming, one proposed solution is based on sending a DNS request to a third-party DNS server.
If the response differs from the one returned by the user’s DNS server, an analysis based on the HTML content of the page is performed.
This solution is not effective if the attacker can cause the victim to connect through a proxy that the attacker controls.
Also, if the site’s login page is the same as the original page (as in the case of a man-in-the-middle attack), it will not be identified by the proposed solution.
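
The pharming check described above, as an added example that is not part of the original article: it compares the addresses returned by the user's resolver and by a third-party resolver and, when they do not overlap, falls back to comparing the structure of the two pages. The function names, the 0.9 threshold, the structural comparison and all sample addresses and HTML are assumptions constructed for illustration; the last call shows the limitation noted above, where an identical copy served from a different address passes.

```python
import difflib
from html.parser import HTMLParser

class Skeleton(HTMLParser):
    """Keep tag names and form/script/link targets; ignore visible text."""
    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        self.tokens.append(tag)
        for name, value in attrs:
            if name in ("action", "src", "href") and value:
                self.tokens.append(f"{name}={value}")

def skeleton(html):
    parser = Skeleton()
    parser.feed(html)
    parser.close()
    return parser.tokens

def pharming_verdict(local_ips, reference_ips, local_html, reference_html,
                     threshold=0.9):
    """Hypothetical helper: returns 'match', 'content-match' or 'suspect'."""
    if set(local_ips) & set(reference_ips):
        return "match"  # both resolvers agree on at least one address
    # Answers differ (a CDN, or pharming): compare the page structure.
    ratio = difflib.SequenceMatcher(
        None, skeleton(local_html), skeleton(reference_html)).ratio()
    return "content-match" if ratio >= threshold else "suspect"

# Constructed sample data (documentation address ranges, made-up pages).
GENUINE = ('<html><body><form action="https://bank.example/login" method="post">'
           '<input name="user"><input name="pass" type="password"></form>'
           '<script src="/static/app.js"></script></body></html>')
ALTERED = ('<html><body><form action="http://203.0.113.7/collect" method="post">'
           '<input name="user"><input name="pass" type="password">'
           '<input name="pin"></form></body></html>')

if __name__ == "__main__":
    ref = ["192.0.2.10"]  # answer from the third-party resolver
    print(pharming_verdict(["192.0.2.10"], ref, GENUINE, GENUINE))
    print(pharming_verdict(["203.0.113.7"], ref, ALTERED, GENUINE))
    # Identical page behind a different address is not flagged.
    print(pharming_verdict(["203.0.113.7"], ref, GENUINE, GENUINE))
```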

Solutions that are resistant to phishing and pharming attacks:
1. Passwords that expire in time
2. Passwords based on a server challenge
3. SSL/TLS authentication (PKI hardware)
4. Signing transactions on trusted platforms.
