چکیده (انگلیسی):

A phishing attack is a criminal activity which mimics a certain legitimate webpage using a fake webpage
with an intention of luring end-users to visit the fake website thereby stealing their personal information
such as usernames, passwords and other personal details such as credit card information. Phishing has
seen an alarming trend of increase in both the volume and the sophistication of phishing attacks.
According to a description of phishing by APWG, the ways phishers steal consumers’ personal
information consist of social engineering and technical subterfuge. In technical-subterfuge schemes,
phishers furtively plant crime ware onto users’ computers to intercept their online account user names
and passwords, while in social-engineering schemes they send spoofed e-mails to consumers purporting
to be from legitimate businesses and agencies and then mislead consumers to counterfeit websites. When
a user wants to access the website, the server sends an encrypted security code to the user through the
communication protocol. If the user’s login name is not valid it will show an error message. If the user’s
name is valid, the website checks the user’s registered account and sends an acknowledgement to that
user. The legitimate or true webpage mimicked by the fake webpage is defined as the phishing target.
Such phishing attacks if executed on newly created web pages prove difficult to identify as it becomes
hard to tell which the phishing page is and which the target is. We anticipate that our approach would be
deployed for websites requiring a high level of security and that it would ultimately help in remaining
customer confidence in using web-based commerce. The automatic discovery of phishing target is
proposed to solve the above problem.