A Web enabled Anti-phishing solution using enhanced Heuristic based technique
Phishing is a form of social engineering or website forgery whereby attackers mimic a trusted website or public organization or sending e-mails in an automated manner in order to steal sensitive information or credentials of online users. This is done in a way the user does not realize he is in a phishing environment and in turn reveals his sensitive information such as credit card information, employment details, online shopping account passwords and bank information. Phishers are still having their ways to succeed in their various nefarious activities and attacks. Different anti-phishing schemes however have emerged but phishers still find their ways around by breaking through various existing techniques. Against this backdrop, this project aims at developing a web enabled antiphishing technique using enhanced heuristic approach. This technique immediately updates the blacklist if a suspicious website is confirmed as a phishing site otherwise considered legitimate and in turn update the whitelist. This novel anti-phishing eradicates the delay in updating blacklist and whitelist. Users will be able to use this web application at will to test if a site is legitimate or not. This technique was implemented using PHP programming language and Database. A total number of Two Thousand Five Hundred and Nineteen URLs were tested (2519) which is represented as “K” while Two Thousand Five Hundred and Ten (2510) were correctly classified and this is denoted as “k. The results after the implementation show that there was no false negative (a phishing URL that is wrongly classified as legitimate) and one false positive (a legitimate URL wrongly classified as phishing). The rate of false positive and false negative is very low when compared with other techniques. Based on the outcome of this work, it is strongly recommended to any company to avoid comprise and to have a reliable & dependable transaction within an organization.