A Visual Cryptographic Technique for Preventing Phishing Attacks in Online Banking Platforms (Published)
Phishing continues to be a prevalent threat to the integrity of online banking platforms, exploiting user trust through deceptive web interfaces and fraudulent URLs. These attacks compromise sensitive information such as login credentials and financial data. In response, this study was initiated to develop an enhanced security model that not only detects phishing attempts but also prevents unauthorized access using cryptographic authentication. This paper aims to secure online banking platforms using a dual-layered approach combining machine learning with Visual Cryptography. To achieve this, a hybrid phishing detection and prevention system was designed and successfully implemented. The system integrates two core modules: an intelligent phishing detection engine and a secure authentication mechanism. The phishing detection engine combines K-Nearest Neighbors (KNN) for analyzing URL-based features with a Convolutional Neural Network (CNN) for image-based classification of websites. For authentication, the system generates two Visual Cryptographic (VC) shares per user during registration. One share is emailed to the user, while the other is stored securely on the server, enabling share recombination at login to verify identity. The solution was integrated with WordPress via REST API endpoints and tested extensively using both browser-based interactions and Postman. The system achieved 94% accuracy with the KNN model and 84% with the CNN model. However, our dual-model approach improves robustness and reduces reliance on one detection path. The average response time for model predictions was approximately 0.136 seconds on Render-hosted API, demonstrating reasonable computational efficiency for real-time use.
Keywords: Online Banking, Phishing, Security, k-nearest neighbor, visual cryptography
Enhancing Mobile Security Through Haptic Feedback: A Multi-Participant Investigation into Mitigating Social Engineering Attacks on Android Devices (Published)
Social engineering attacks, particularly SMS phishing (SMiShing), continue to exploit human vulnerabilities and pose substantial risks to mobile users. This study investigated the effectiveness of a haptic feedback system integrated within an Android application designed to detect and mitigate social engineering threats on mobile devices. Building on original experimentation, this study evaluates the system’s usability and impact by incorporating qualitative and quantitative data from twelve participants of varied demographics, selected for their relevance to social engineering susceptibility. Through interviews and controlled usage, the app demonstrated a detection accuracy of 91.89%, a 3.00% false positive rate, and an average response time of five seconds. Participants reported increased awareness, improved reaction times, and greater confidence in handling suspicious messages. This paper contributes to the human-centred cybersecurity domain by validating the integration of tactile feedback as a viable intervention against deception-based attacks. The study supports the hypothesis that haptic interaction fosters user attentiveness and proactive threat response, offering practical insights for future mobile security innovations.
Keywords: Android Application, Phishing, SMS threat detection, haptic feedback, mobile security, social engineering, usability study
Runtime Detection of Phising Attack Using Syntactic Verification through Web Services (Published)
Providing a secure service in web applications is a growing concern and real challenge in web security. Among the various types of web application attacks, phishing is the most common type of attack. It often direct the users to enter details at a fake website whose look and feel are almost identical to the legitimate site. Present tools are cannot completely detect the phishing attacks, that leverage vulnerabilities in trusted web applications. This paper attributes to identify phishing web sites by analyzing and validating the Uniform Resource Locator (URL), Hyperlink in web pages and syntactic verification of Hyperlink. As URLs are following the common standard RFC 1738, we have developed a schema for converting the URL into XML for verifying the URL. The detection of Phishing web sites implemented by means of two layered web services. Our web services are an independent layered module in a web application and detect and prevent the phishing attacks.
Keywords: Hyperlink, IP Address, Input Validation, Phishing, Scammer, URL, Web Service, XML Schema.