Técnicas de detección y control de phishing.
Técnicas de detección y control de phishing.
Contenido principal del artículo
Resumen
Detection and Control of Phishing Techniques.
Resumen
La globalización de la economía y el uso masivo de Internet, han originado nuevos espacios para la comisión de fraudes en sistemas de cómputo con el uso de las nuevas tecnologías. En el presente artículo se describen de manera general los principales delitos informáticos, como la interceptación ilícita de correspondencia electrónica y el uso no autorizado de tarjetas y claves falsas, enfatizando en el phishing como uno de los fraudes de mayor crecimiento en los últimos años. Se describen las principales formas de introducir el phishing entre los clientes y usuarios por medio de la creación de un sitio web falso similar al sitio original; se exponen trabajos relacionados con el tema, como la clonación del perfil en una red social, el diseño de un prototipo de sistema que puede ser empleado por los usuarios para investigar si han sido víctimas de un ataque de phishing y el malware que ataca en redes sociales. Finalmente, se identifican algunas técnicas para la detección de phishing.
Palabras clave: Delitos informáticos, phishing, técnicas anti-phishing.
Abstract
The globalization of the economy, and the widespread use of Internet have led to new spaces for committing fraud in computer systems with the use of new technologies. This article describes, in general, major computer-related crimes, such as unlawful interception of e-mail correspondence, the unauthorized use of cards, and false PINs, emphasizing phishing as one of fastest-growing scams in recent years. The main ways to phish customers and users are described through the creation of a fake web site similar to the original site. Related studies are discussed, such as the cloning of profiles on social networks, the design of a prototype system that can be used by users to investigate whether they have been victims of a phishing attack and malware that attacks on social networks. Finally, some techniques for detecting phishing are identified.
Keywords: cybercrime, phishing, anti -phishing techniques.
Descargas
Detalles del artículo
Referencias (VER)
Agarwal, N., Renfro, S. & Bejar, A. (2009). Yahoo Sign-In Seal and Current Anti-Phishing Solutions. eCrime Researchers Summit, 1-4.
Alkhateeb, F., Manasrah, A. & Bsoul, A. (2012). Bank Web Sites Phishing Detection and Notification System Based on Semantic Web technologies. International Journal of Security & Its Applications, 6(4),
1-14.
APWG: Anti-phishing Work Group. (2013). Phishing Activity Trends Report, 2nd Quarter 2013. Recuperado de: http://docs.apwg.org/reports/apwg_trends_report_q2_2013.pdf
Atighetchi, M. & Pal, P. (2009). Attribute-based Prevention of Phishing Attacks. Eighth International Symposium on Network Computing and Applications (IEEE). Cambridge, England.
Chandavale, A. A. & Sapkal, A. M. (2010). Algorithm for Secured Online Authentication Using CAPTCHA. Third International Conference on Emerging Trends in Engineering and Technology, 19-21.
Chen, J. & Guo C. (2006). Online Detection and Prevention of Phishing Attacks. First International Conference on Communications and Networking (IEEE),
China.
Coronges, K., Dodge, R., Mukina, C., Radwick, Z., Shevchik, J. & Rovira, E. (2012). The Influences of Social Networks on Phishing Vulnerability. 45th Hawaii International Conference on Year: 2012. Hawaii, USA.
Dadkhah, M. & Davarpanah, J. M. (2014a). Secure Payment in E-commerce: Deal with Keyloggers and Phishings. International Journal of Electronics Communication and Computer Engineering, 5(3),
656-660.
Dadkhah, M. & Davarpanah, J. (2014b). A Novel Approach to Deal with Keyloggers. Oriental Journal of Computer Science & Technology, 7(1),
25-28.
Dadkhah, M., Lyashenko, V. & Jazi, M. (2015). Methodology of the Chaos Theory in research of phishing attacks. International Journal of Academic Research, 7(1).
Díaz, G. A. (2010). El delito informático, su problemática y la cooperación internacional como paradigma de su solución. REDUR, (8),
169-203.
Dunlop, M., Groat, S. & Shelly, D. (2010). Gold Phish: Using Images for Content-Based Phishing Analysis. Fifth International Conference on Internet Monitoring and Protection. Barcelona, España.
Escobar, M. & Román, H. (2011). La presentación del yo en el ciberespacio: un análisis de las autodefiniciones personales en blogs y redes sociales. Revista de Psicología Social, 26 (2),
207-222.
Hong, J. (2012). The State of Phishing Attacks. Communications of the acm, 55(1),
74-81.
Kontaxis, G., Polakis, I., Ioannidis, S. & Markatos, E. P. (2011). Detecting social network profile cloning. Pervasive Computing and Communications Workshops (PERCOM Workshops),
IEEE International Conference. Sydney, Australia.
Li, S. & Schmitz, R. (2009). A Novel Anti-Phishing Framework Based on Honeypots. eCrime Researchers Summit (IEEE),
1-13.
Liu, G., Qiu, B. & Wenyin, L. (2010). Automatic Detection of Phishing Target from Phishing Webpage. International Conference on Pattern Recognition (IEEE). Istanbul, Turkey.
Mahmood, A. & Rajamani, L. (2012). APD: ARM Deceptive Phishing Detector System Phishing Detection in Instant Messengers Using Data Mining Approach. Springer. Verlag Berlin Heidelberg, 269, 490-502.
Mishra, M. & Gaurav, J. (2012). A Preventive Anti-Phishing Technique using Code word. International Journal of Computer Science and Information Technologies, 3(3),
4248-4250.
Nagy, J. & Pecho, P. (2009). Social Networks Security. Emerging Security Information, Systems and Technologies. SECURWARE '09. Third International Conference on Year: 2009. Athens/Glyfada, Greece.
Nikulchev, E. & Pluzhnik, E. (2014). Study of Chaos in the Traffic of Computer Networks. International Journal of Advanced Computer Science and Applications, 5(9),
60-62.
Quanyan, Z., Clark, A., Poovendran, R. & Başar, T. (2013). Deployment and Exploitation of Deceptive Honeybots in Social Networks. 52nd IEEE Conference on Decision and Control, Florence, Italy.
Radbruch, G. (2010). Sobre el sistema de la teoría del delito. Revista electrónica de ciencia penal y criminología, (12). Recuperado de: http://criminet.ugr.es/recpc/12/recpc12-r1.pdf
Reddy, V., Radha, V. & Jindal, M. (2011). Client Side protection from Phishing attack. International Journal of Advanced Engineering Sciences and Technologies, 3(1),
39-45.
Shreeram, V., Suban, M., Shanthi, P. & Manjula, K. (2010). Anti-phishing detection of phishing attacks using genetic algorithm. IEEE International Conference on Communication Control and Computing Technologies (ICCCCT).Ramanathapuram, India.
Usera, L. (2007). Desfalcos por “phishing”. Escritura pública, (46),
24-26.