A DNS Based Anti-phishing Approach

Most of the phishing and pharming attacks are directed at the payment and financial services, with the purpose to steal online bank users’ card number and password. This paper presents the design and implementation of a DNS based anti-phishing approach, which can be used to protect the card number and the password of the online bank users effectively, and prevent phishers and pharmers from stealing such information. First, the bank name, its DNS server’s IP address, and the card number range will be stored in the database. If the Phishing Detecting Device detects that a bank card number is being sent to a suspicious website, the device will send an inverse DNS query to the DNS server of the related bank. By verifying whether the suspicious website is with in the domain of the bank, it can determine whether the website is a phishing website.