Article Preview
Top1. Introduction
Nowadays, the Internet has rapidly grown and become a critical resource for a variety of services such as WWW, e-mail, e-commerce, etc. As the Internet continues to grow, more and more organizations and industries are integrating their existing system with the Internet to increase the revenue. Our daily lives have also become more reliant on Internet-based services for delivery of data services. Moreover, these services store user’s sensitive and personal credentials, and attract cybercriminal for stealing of user’s credential (Gupta et al., 2017; Pejic-Bach, 2010). These events have prompted many cybercriminals who try to take advantage of easy access to the WWW and associated user-centric approaches (Konradt et al., 2016).
Phishing is one of the most dangerous cybercrimes in which attackers steal sensitive credentials from the Internet users such as, bank account details, credit card number, protected password, etc. Phishing is similar to the word ‘fishing’. In fishing, we use bait in order to catch a fish same thing happens in phishing but instead, victim is a normal user using the Internet. The victim of this attack thinks that information is going to the trustworthy party, instead, it is going to the cybercriminals. Cybercriminals use this information for its own advantage not for its intended purpose. Phishing is one of the major problems faced by cyberspace. The statistics of most recent web vulnerability reports revealed that phishing attack stands at peak position among all other cyber-attacks (APWG, 2016).
In this attack, the cybercriminals exploit the vulnerability of innocent Internet users, as many users are not aware of phishing attack (Arachchilagea et al., 2016). Most of the Internet users avoid the warning messages (i.e. security indicators) shown by the web browsers. Moreover, users also do not know the secure sockets layer (SSL) certificate and they are not able to differentiate between genuine and fake uniform resource locators (URLs). The visual deception of the fake website also plays an important factor to catch innocent victims. The appearance of fake website deceives users to believe that they are visiting the correct website. Phishing messages are spread over e-mail, SMS, instant messengers, social networking sites, etc, but e-mail is the popular way to perform this attack.
The motive behind phishing is not only stealing the user’s information, but to install other types of malware, like, Trojan horse, ransomware, etc., in the victim machine (Phishingpro, 2018). Moreover, this brutal attack also creates the negative business impact on electronic commerce, payment gateways, and social media websites (Konradt et al., 2016). Google raised 10 million phishing warning messages every day to their users who wish to visit a fake website and added 10000+ websites in its blacklist (Orman, 2013). According to Anti-Phishing Working Group (APWG) cyber report, 662795 unique phishing websites were detected in 2017 (APWG, 2018). Cybercriminals stole a total of $172bn from consumers in 2017 (Norton Cyber Security, 2017). Moreover, it was found that 76% of organisations had experienced phishing attacks in 2017 (State of the Phish, 2018). Furthermore, 53% of InfoSec professionals reported that they had experienced spear phishing attacks in 2017. (State of the Phish, 2018)