We were interested in user behavior analytics and other programming techniques. So, this challenge offered us a great opportunity to learn these techniques while helping to reduce a problem as phishing.
What it does
These pages communicate Banorte with third persons and allow the customers to know if a website is from a fraudulent company. The process consists of two parts of validation, each one specifically created for a specific part that gets involved in the phishing process. Part one; Banorte official page and part two; the third persons. In the first case, all the Banorte websites have the same domain and the extension connected to the database can recognize the website and allow the customer to stay on the page. In the case of the third person, it starts generating a key that Banorte gives to the company. Then, the company has to complete a register where they have to provide the key and the name of their page. This information is saved in a database that makes a "white list". So now in case, a customer wants to open a website of a third person, the extension should allow it. The other case is a website that is not in the "white list" and does not have the Banorte domain, this means that is a fraudulent page and the extension must alert the customer.
How we built it
We design a model based on the three main actors in the phishing cases: the suppliers (Banorte), the user of other secondary suppliers of the bank. We design a database in firebase, in order to register the fraudulent sites and the real ones. Also, we designed a web app for the bank, where it can register the partner sites, providing them with a special key that must be validated by the database. At last, we design a browser extension for chrome, which can check the sites that the user visits in order to guarantee the reliability of the sites.
Challenges we ran into
Getting to know how to use firebase, the main problem was how to connect the chrome extension with the database because firebase still has experimental features that there is not a lot of documentation and it is hard to understand. Also, it requires a lot of security requirements that we could not fit for the reasons that we have to buy the license of the distribution of extension.
Accomplishments that we're proud of
Creating a solution that involves the three parties in a phishing problem. In this case, we were able to figure out the relationship between the customer search, the websites of third persons and the official Banorte website. We find out that it is not enough just to keep safe the customer search, the third person website or just the official website. Our solution minimizes the possibility of phishing more than the ones that just keep safe one of the three actors in phishing problems.
What we learned
Using firebase and node. In the first one, we learned the basics and making a database.
What's next for stop phishing
Applying machine learning to this system so it is faster to detect the domain of the fraudulent websites that are always changing and can scape from other phishing detection systems.