Dream Science

DS Journal of Cyber Security (DS-CYS)

Research Article | Open Access | Download Full Text

Volume 2 | Issue 4 | Year 2024 | Article Id: CYS-V2I4P103 DOI: https://doi.org/10.59232/CYS-V2I4P103

Simulating Phishing and Security Step (2FA) and Detecting Fake URLs Using Plugin and Browser Extension Detection

K. Dhivya, S. Anisha, V. Dheepa Muthu Jothi, S. Kavishree, R. Madhangi, M.G. Meena Abinaya

ReceivedRevisedAcceptedPublished
04 Oct 202410 Nov 202428 Nov 202421 Dec 2024

Citation

K. Dhivya, S. Anisha, V. Dheepa Muthu Jothi, S. Kavishree, R. Madhangi, M.G. Meena Abinaya. “Simulating Phishing and Security Step (2FA) and Detecting Fake URLs Using Plugin and Browser Extension Detection.” DS Journal of Cyber Security, vol. 2, no. 4, pp. 19-28, 2024.

Abstract

Phishing attacks remain a universal and evolving threat, targeting both individuals and organizations by misusing trust and social engineering to gain access to confidential information such as usernames, passwords, and financial data. With the increasing cleverness of these attacks, traditional security measures are often insufficient to moderate the risks fully. This paper investigates the deployment of browser-based tools—specifically, plugins and extensions—for the real-time detection of phishing URLs, combined with Two-Factor Authentication (2FA) as an additional security layer. By simulating real-world phishing situations, Explore how browser extensions can enhance security by detecting and alerting users of suspicious URLs before they have interacted. Integrating 2FA adds another layer of protection, ensuring that even if credentials are compromised, unauthorized access is further delayed. The proposed system architecture focuses on combining URL pattern recognition, blacklist verification, and investigative analysis within browser extensions to provide immediate feedback to users about possibly malicious links. These measures are improved by 2FA, which requires a secondary verification step, drastically reducing the success rate of phishing attempts. Experimental results demonstrate a significant reduction in phishing success rates, highlighting the effectiveness of this multi-layered approach. Statistical analysis reveals a marked decrease in successful phishing incidents when both browser-based detection and 2FA are employed together. This study underscores the necessity of adopting proactive, layered security frameworks to address the growing phishing threat. The findings suggest that future enhancements could involve incorporating machine learning algorithms into the detection mechanisms to improve accuracy further and adapt to the rapidly changing strategies used by phishing attackers.

Keywords

Phishing attacks, Two-Factor Authentication (2FA), Phishing prevention, Phishing detection, User protection, Malicious links.

References

[1] Surachai Chatchalermpun, and Therdpong Daengsi, “Improving Cybersecurity Awareness Using Phishing Attack Simulation,” IOP Conference Series: Materials Science and Engineering, vol. 1088, 2021.

[CrossRef] [Google Scholar] [Publisher Link]

[2] Muhammet Baykara, and Zahit Ziya Gürel, “Detection of Phishing Attacks,” 2018 6th International Symposium on Digital Forensic and Security (ISDFS), Antalya, Turkey, pp. 1-5, 2018.

[CrossRef] [Google Scholar] [Publisher Link]

[3] Bhavya Shah et al., “Chrome Extension for Detecting Phishing Websites,” International Research Journal of Engineering and Technology, vol. 7, no. 3, pp. 2958-2962, 2020.

[Google Scholar] [Publisher Link]

[4] Adetokunbo MacGregor John-Otumu, Md Mahmudur Rahman, and Christiana Ugochinyere Oko, “An Efficient Phishing Website Detection Plugin Service for Existing Web Browsers Using Random Forest Classifier,” American Journal of Artificial Intelligence, vol. 5, no. 2, pp. 66-75, 2021.

[CrossRef] [Google Scholar] [Publisher Link]

[5] T.O. Oyegoke, A.O. Amoo, and J. Aigberua, “An Enhanced Phishing Detection System in Online Transactions,” Twist, vol. 19, no. 3, pp. 656-666, 2024.

[CrossRef] [Google Scholar] [Publisher Link]

[6] Vaishnavi Bhavsar, Aditya Kadlak, and Shabnam Sharma, “Study on Phishing Attacks,” International Journal of Computer Applications, vol. 182, no. 3, pp. 27-29, 2018.

[CrossRef] [Google Scholar] [Publisher Link]

[7] Zainab Alkhalil et al., “Phishing Attacks: A Recent Comprehensive Study and A New Anatomy,” Frontiers in Computer Science, vol. 3, 2021.

[CrossRef] [Google Scholar] [Publisher Link]

[8] Ankit Kumar Jain, and B.B. Gupta, “A Survey of Phishing Attack Techniques, Defence Mechanisms and Open Research Challenges,” Enterprise Information Systems, vol. 16, no. 4, pp. 527-565, 2022.

[CrossRef] [Google Scholar] [Publisher Link]

[9] Bilal Naqvi et al., “Mitigation Strategies against the Phishing Attacks: A Systematic Literature Review,” Computers & Security, vol. 132, 2023.

[CrossRef] [Google Scholar] [Publisher Link]

[10] Anirudha Joshi, and Tanuja R. Pattanshetti, “Phishing Attack Detection Using Feature Selection Techniques,” Proceedings of International Conference on Communication and Information Processing (ICCIP), pp. 1-7, 2019.

[CrossRef] [Google Scholar] [Publisher Link]

[11] Ram B. Basnet, Andrew H. Sung, and Quingzhong Liu, “Rule-Based Phishing Attack Detection RB Basnet,” International Conference on Security and Management, 2011.

[Google Scholar]

[12] Muhammad Nadeem et al., “Phishing Attack, its Detections and Prevention Techniques,” International Journal of Wireless Security and Networks, vol. 1, no. 2, pp. 13-25, 2023.

[Google Scholar] [Publisher Link]

[13] G. Jaspher Willsie Kathrine et al., “Variants of Phishing Attacks and their Detection Techniques,” 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI), Tirunelveli, India, pp. 255-259, 2019.

[CrossRef] [Google Scholar] [Publisher Link]

[14] Ozgur Koray Sahingoz, Saide Işılay Baykal, and Deniz Bulut, “Phishing Detection from URLs by Using Neural Networks,” Computer Science & Information Technology (CS & IT), pp. 41-54, 2018.

[CrossRef] [Google Scholar] [Publisher Link]


Simulating Phishing and Security Step (2FA) and Detecting Fake URLs Using Plugin and Browser Extension Detection