The Internet has rapidly changed the way people access information. The Internet gives users access to a vast number of resources from locations around the world. In addition, the Internet allows users to perform commercial transactions and share private and sensitive information. A significant concern when browsing the Internet is the vulnerability of the Web to attacks from malicious individuals or organizations. Thus, the security of information that can be accessed or saved in websites is a challenge.
One type of fraudulent act over the Internet is known as phishing, which has become one the fastest growing online threats. In the last few years, there have been sharp increases in the number of phishing attacks over the Internet, thus users are now looking for effective ways for blocking such attacks.
Phishing refers to an attempt to fraudulently retrieve sensitive information, such as bank account information, SSNs, passwords, and credit card information, by masquerading as a trustworthy person or business with a real need for such information. A phishing attack can be committed in two different ways. One way includes sending an email to a user, requesting that the user click on a link in the email that directs the user to enter sensitive information on the ensuing website. Because the links and websites are usually near exact copies of valid websites of well-known enterprises, such as banks, the user is fooled into thinking the websites are legitimate and hence secure.
Another way to commit a phishing attack (also known as pharming) is by redirection of a user to an illegitimate website through technical means. This is typically performed by exploitation of vulnerability in the domain name server (DNS) server software that allows a hacker to acquire the domain name for a site, and to redirect traffic from that website to another website of the fraudster. For example, an Internet banking customer, who routinely logs in to his online banking account through the bank website, may be redirected to an illegitimate website. As another example, if the user mistyped the address of the bank's website, in the browser address bar, then instead of being redirected to the bank's website holding his/her account, the user is redirected to a website of the fraudster.
A DNS translates domain names meaningful to humans into the numerical identifiers, i.e., IP addresses associated with networking equipment for the purpose of locating and addressing these devices worldwide. Typically, the DNS is located at the internet service provider (ISP). A DNS error is typically returned when the DNS cannot locate the IP address associated with the hostname. Hackers and even organizations can utilize DNS errors to perform a DNS hijacking which allows the hijacker to display malicious web pages on the user's browser.
Several solutions for detection of phishing attempts that are DNS-based and browser-based are discussed in the related art. The DNS-based protection looks up the translated IP address of a respective hostname in an address blacklist, and if found then a warning is sent to the user's browser and the request is not sent to the illegitimate website. The address blacklist is frequently updated. The disadvantage of this technique that it can monitor only hostnames, but not variance of the URLs given to a domain name. For example, a DNS may translate the host name of www.eBey.com to an IP address designated in the blacklist, but the URL www.eBey.com/vaction.html, may not be alerted.
The browser-based detection solution includes a phishing filter that checks the URL as it appears in the browser address bar against a list of sites that are considered fraudster. If the requested site, as designated in the URL, is considered to be a phishing threat, the browser is redirected to a website that returns a warning to the user. The phishing filter is either part of the browser or is installed as a third party browser add-on. However, an anti-phishing filter is limited to certain types of web browsers and cannot work across platforms (different browsers).
Therefore, it would be advantageous to provide an anti-phishing solution that overcomes the deficiencies of the solutions discussed above. It would be further advantageous if the anti-phishing solution would also handle DNS errors for securing a client.