Abstract
Phishing attacks aim to obtain desired information from users quickly and easily by means of misdirection, panic, curiosity, or excitement. Most phishing websites are designed around internet banking (e-banking), and attackers can acquire the financial information of misled users with the tactics and discourses they develop. Although prevention techniques against phishing attacks increase day by day, an effective solution has not been found for this issue because of the human factor. For this reason, studies of real phishing attacks are essential for studying and analyzing attackers’ techniques and strategies. This study focused on the detection and analysis of a real e-banking phishing attack using the phishing website. Analysis results show that the attacker’s information is traceable.
Recommended Citation
Kara, Ilker (2021) "DON'T BITE THE BAIT: PHISHING ATTACK FOR INTERNET BANKING (E-BANKING)," Journal of Digital Forensics, Security and Law: Vol. 16, Article 5.
DOI: https://doi.org/10.58940/1558-7223.1743
Available at: https://commons.erau.edu/jdfsl/vol16/iss2/5
Included in
Computer Law Commons, Digital Communications and Networking Commons, Information Security Commons