Phishing is an Internet security issue the contour of which is still changing and the magnitude still increasing. Although researchers across the globe as well as the IT industry experts have identified the urgent need for anti-phishing solutions, we are still playing the catching up role with the phishers. In recent times, major web browsers and antivirus products added built-in filters which can prevent phishing. As of date, there are hundreds of free or paid security toolbars available on the Internet which claim to deter phishing attacks. In this laboratory-based study, we tested how easy it is too bypass all these security toolbars and filters with a rouge Dynamic Host Control Protocol (DHCP) server. The study shows how a determined phisher can use rogue DHCP to compromise a DHCP-enabled LAN and mount a successful phishing attack. In the IIT Kharagpur laboratory on a controlled environment, we tested two major web browsers, two security toolbars and an antivirus, and found that none of these countermeasures could detect the attack; more trouble is, all these toolbars gave a go-ahead for all the phishing sites we tested.

Phishing is a form of identity theft, in which deception is used to trick a user into revealing confidential information such as username and password for financial gains. Phishers use a wide variety of technologies with one common thread. All technologies employed by phishers have a goal in common: deceiving the potential victim into believing that a message comes from a legitimate source or organization and the website is that of a trusted institution.

Information Technology Journal, Phishing, Anti-phishing, Rogue DHCP.