Client-Side Defense against Phishing with PageSafe

Every day, a number of attacks are launched with the aim of making web users believe that they are communicating with a trusted entity for the purpose of stealing account information, logon credentials, and identity information in general. These attacks, commonly known as "phishing attacks," are most commonly initiated by sending out emails with links to spoofed websites that harvest information. Many anti-phishing schemes have recently been proposed in literature. Despite all those efforts, the threat of phishing attacks is not mitigated. Solutions based on blacklists of phishing web sites are partially effective. Such solutions require the anti-phishing organizations to be much faster than the attackers. And the effectiveness of private information preserving approach is totally dependent on users. To keep their private information could be irritating works for users Solution based on automatic classification have the problems of false positives and false negatives. In this paper, proposes PageSafe - an anti-phishing tool that prevents accesses to phishing sites through URL validation and also detects DNS poisoning attacks? PageSafe also examines the anomalies in web pages and uses a machine learning approach for automatic classification. PageSafe does not preserve any secret information and requires very less input from user. PageSafe performs automatic classification but by taking advantage of user assistance and external repositories, hence the number of false positives is reduced by a significant value. PageSafe is based on an approach opposite to blacklist approach removing the race between phishers and anti-phishing organizations. PageSafe maintains a whitelist of URLs with the mapping of corresponding IPs. This list is referenced first for resolving IP of a URL to protect user from DNS poisoning attacks. With PageSafe users help to decide whether or not a web page is legitimate. This report also present an analysis on effectiveness of PageSafe based on an experiment done on a set of phishing pages.