Phishing and Communication Channels: A Guide to Identifying and Mitigating Phishing Attacks

Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Chapter 1: Introduction to Phishing
	1.1	 What Is a Phishing Attack?
	1.2	 Phishing: A Quick History
	1.3	 Types of Hackers
		1.3.1 White-Hat Hackers
		1.3.2 Black-Hat Hackers
		1.3.3 Gray-Hat Hackers
	1.4	 Phishing Attacks: The Reasons Behind Attacks
		1.4.1 Financial Gain
		1.4.2 Identity Theft
			1.4.2.1 Social Security Identity Theft
			1.4.2.2 Medical Identity Theft
			1.4.2.3 Synthetic Identity Theft
			1.4.2.4 Criminal Identity Theft
		1.4.3 Industrial Espionage
		1.4.4 Malware Distribution
			1.4.4.1 Viruses
			1.4.4.2 Trojans
			1.4.4.3 Rootkits
			1.4.4.4 Spyware
			1.4.4.5 Worms
			1.4.4.6 Ransomware
			1.4.4.7 Adware
		1.4.5 Fame and Notoriety
	1.5	 How Phishing Works
	1.6	 Phishing Statistics
		1.6.1 Data Breaches
		1.6.2 Brand Impersonation
		1.6.3 Phishing Websites
		1.6.4 Phishing Emails
		1.6.5 Cost to Mobile Users
	1.7	 Summary
	1.8	 Bibliography
Chapter 2: Types of Phishing
	2.1 Social Engineering Phishing
		2.1.1 Deceptive Phishing
		2.1.2 Spear Phishing
		2.1.3 Whaling
		2.1.4 Deceptive Phishing vs. Spear Phishing vs. Whaling
	2.2 DNS-Based Phishing
		2.2.1 DNS Spoofing
		2.2.2 DNS Rebinding Attack
		2.2.3 Domain Registration Attack
	2.3 Proxy-Based Phishing
	2.4 DHCP-Based Phishing
	2.5 Content Injection–Based Phishing
		2.5.1 Cross-Site Scripting
			2.5.1.1 Reflected XSS
			2.5.1.2 Stored XSS
			2.5.1.3 DOM-Based XSS
		2.5.2 SQL Injection Phishing
		2.5.3 Command Injection
		2.5.4 XPath Injection
		2.5.5 Mail Command Injection
	2.6 Search Engine Phishing
		2.6.1 High Discounts or Free Products
		2.6.2 Low Interest Rates
		2.6.3 Job Opportunity
	2.7 Man-in-the-Middle Attack
		2.7.1 Man-in-the-Browser Attack
		2.7.2 Rogue Access Point
		2.7.3 Address Resolution Protocol–Based Phishing
		2.7.4 Internet Control Message Protocol Redirection
		2.7.5 SSL Stripping
	2.8 Summary
	2.9 Bibliography
Chapter 3: Communication Channels
	3.1 Phishing Attacks Through Email
		3.1.1 Domain Spoofing
		3.1.2 Social Engineering Statements
		3.1.3 Hyperlink Attachments
		3.1.4 Unexpected Attachments
		3.1.5 Poor Spelling and Grammar
		3.1.6 Generic Greeting or Salutation
		3.1.7 Web Form
	3.2 SMS Phishing, or Smishing
		3.2.1 Legitimate-Appearing Smishing Message
		3.2.2 Smishing SMS Content Website or Unknown Links
		3.2.3 Smishing SMS Containing Email ID or Telephone Number
	3.3 Voice Phishing, or Vishing
		3.3.1 War Dialing
		3.3.2 Voice over Internet Protocol
		3.3.3 Caller ID Spoofing
	3.4 Dumpster Diving
	3.5 Chat Phishing
	3.6 Social Media Phishing
		3.6.1 Social Networking Sites
		3.6.2 Internet Forums
		3.6.3 Blogs
		3.6.4 Video-Sharing Sites
		3.6.5 Photo-Sharing Sites
		3.6.6 Sharing Economy Platform
			3.6.6.1 Accommodation Booking Fraud
			3.6.6.2 Ride-Sharing Fraud
	3.7 Wireless Phishing
		3.7.1 Evil Twin
		3.7.2 Karma Wi-Fi Attack
		3.7.3 Bluetooth Phishing Attack
			3.7.3.1 Bluejacking
			3.7.3.2 Bluesnarfing
			3.7.3.3 Bluebugging
	3.8 Mobile Platforms
		3.8.1 Similarity Attack
		3.8.2 Sharing Attack
		3.8.3 Background Attack
		3.8.4 Notification Attack
		3.8.5 Floating Attack
	3.9 Summary
	3.10 Bibliography
Chapter 4: What Does a Phishing URL Look Like?
	4.1	 Why URL Phishing Is Important
	4.2	 Domain Spoofing
		4.2.1 Typosquatting Attack
			4.2.1.1 Inserting Characters
			4.2.1.2 Omitting Characters
			4.2.1.3 Replacing Characters
			4.2.1.4 Transposing a Character
		4.2.2 Homoglyph Attack
		4.2.3 Bitsquatting
		4.2.4 Combosquatting
		4.2.5 Personal Name Hijack
		4.2.6 Soundsquatting
		4.2.7 Hostname Contains Many Dots
		4.2.8 The Hyphen Symbol
		4.2.9 Popularity of Domain
			4.2.9.1 Alexa Page Rank
			4.2.9.2 Age of the Domain
			4.2.9.3 DNS Record
			4.2.9.4 Website Traffic
	4.3	 Other Techniques for Phishing URLs
		4.3.1 Tiny URL
		4.3.2 Phishing URL Contains IP Address
		4.3.3 Phishing URL Contains More Slashes
		4.3.4 Phishing URL Contains Suspicious Symbol
		4.3.5 Phishing URL Contains TLD in Improper Position
		4.3.6 Phishing URL Contains Percent Sign
	4.4	 Summary
	4.5	 Bibliography
Chapter 5: Characteristics of Phishing Websites
	5.1	 HTML Tags in Phishing Website
		5.1.1 Fake 
 Tag
		5.1.2  Tag
		5.1.3 Inline Frame Tag with Phishing URL
		5.1.4 href Attribute
	5.2	 CSS Style in Phishing Websites
	5.3	 JavaScript in Phishing Websites
		5.3.1 onmouseover Event
		5.3.2 Pop-Up Window
		5.3.3 JavaScript Functions for Phishing Websites
			5.3.3.1 Window open() Method
			5.3.3.2 escape()
			5.3.3.3 unescape() or Eval Function
	5.4	 Favicon
	5.5	 Summary
	5.6	 Bibliography
Chapter 6: Phishing Kits
	6.1 Gophish
	6.2 Social Engineer Toolkit
	6.3 King Phisher
	6.4 Simple Phishing Toolkit
	6.5 Phishing Frenzy
	6.6 SpeedPhish Framework
	6.7 SpearPhisher
	6.8 Exploit Toolkits
	6.9 Summary
	6.10 Bibliography
Chapter 7: Training Methods for Phishing Detection
	7.1	 Awareness, Training, and Education
	7.2	 Importance of Training in the Field of Phishing
	7.3	 Why Do So Many Individuals Fall Prey to Phishing Scams?
		7.3.1 Failure to Train People About Phishing
		7.3.2 Unfamiliar with Different Phishing Communication Channels
		7.3.3 Users are not Following the Practices and Guidelines
		7.3.4 Ignorance of Security Warnings
		7.3.5 Ignorance of Organization’s Notification
		7.3.6 Mistakes of Organizations
		7.3.7 Some Phishing Tools Are Completely Ineffective
	7.4	 Important Training Methods
		7.4.1 Lectures
		7.4.2 Training Manuals
		7.4.3 Case Studies
		7.4.4 Cooperative Training
		7.4.5 Problem-Solving Training
		7.4.6 Demonstration
		7.4.7 Game-Based Training
		7.4.8 Simulation-Based Training
		7.4.9 Computer-Based Training
	7.5	 Challenges in Implementing Training Programs
		7.5.1 A Lack of Consistency in the Training Program
		7.5.2 Optional Training
		7.5.3 Inexperienced Trainer
		7.5.4 Short-Term Focus
		7.5.5 Insufficient Resources in the Training Program
	7.6	 Guidelines for Avoiding Phishing Attacks
		7.6.1 Be Cautious When It Comes to Communication Methods
		7.6.2 Examine the URL of the Website
		7.6.3 Use Secure Connections
		7.6.4 Browser Extensions or Toolbars That Block Phishing Attacks
		7.6.5 Be Extremely Cautious When It Comes to Emotions
		7.6.6 Beware of Pop-Up Windows
		7.6.7 Account Activity Should Be Monitored on a Regular Basis
		7.6.8 Software Protection Should Be Installed or Updated
	7.7	 Summary
	7.8	 Bibliography
Chapter 8: Legal Solution: Phishing Is Prohibited Under a Number of Laws
	8.1	 Importance of Cyber Law
	8.2	 What to Do If Someone Discloses Their Credentials to Phishing Sites
		8.2.1 Change the Login Information
		8.2.2 Inform the Organizations That Were Phished
		8.2.3 Scan Devices for Malware
		8.2.4 Report It to the Local Police Station
		8.2.5 Report It to an Antiphishing Organization
		8.2.6 Share This Information with Friends and Relatives
	8.3	 Phishing Legislation
		8.3.1 Spam Law
			8.3.1.1 Spam Act of 2003
			8.3.1.2 Fighting Internet and Wireless Spam Act
			8.3.1.3 Spam Control Act of 2007
			8.3.1.4 CAN-SPAM Act of 2003
		8.3.2 Copyright Law
		8.3.3 Fraud Law
			8.3.3.1 Fraud Act of 2006
			8.3.3.2 The Computer Fraud and Abuse Act
	8.4	 Antiphishing Laws
	8.5	 Challenges and Limitations
	8.6	 Summary
	8.7	 Bibliography
Chapter 9: Phishing Detection Based on Technology
	9.1 User Decision–Based Approaches
	9.2 List-Based Approach
		9.2.1 Using a Blacklist-Based Approach
		9.2.2 Whitelist-Based Technique
	9.3 Visual Similarity–Based Approach
		9.3.1 Text Similarity or Font Similarity
		9.3.2 Image Similarity
		9.3.3 DOM Similarity
	9.4 Search Engine–Based Approach
	9.5 Machine Learning–Based Approach
		9.5.1 Machine Learning Classification Algorithms
		9.5.2 Machine Learning Clustering Technique
	9.6 Deep Learning Approach
	9.7 Hybrid Approach
	9.8 False Target Approach
	9.9 Summary
	9.10 Bibliography
Appendix A: Machine Learning Algorithms
	A.1 Classification Algorithms
		A.1.1 Decision Tree
		A.1.2 Support Vector Machine
		A.1.3 Random Forest Algorithm
		A.1.4 AdaBoost
		A.1.5 Logistic Regression
		A.1.6 Naive Bayes Classifier
	A.2 Clustering Algorithms
Appendix B: Deep Learning Algorithms
	B.1 Feed-Forward Neural Networks
	B.2 Feedback Networks
	B.3 Backpropagation
	B.4 Convolutional Neural Networks
	B.5 Recurrent Neural Networks
	B.6 Deep Belief Networks and Restricted Boltzmann Machines
Appendix C: Natural Language Processing
	C.1 TF-IDF
	C.2 N-grams
	C.3 Part-of-Speech Tagging
	C.4 Optical Character Recognition
Appendix D: Evaluation Metrics for Phishing Detection Approach
	D.1 Area Under the ROC Curve
	D.2 Cross Validation
Index