International Journal of Computer Applications (0975 – 8887) Volume 115 – No. 12, April 2015 13 An Efficient Approach for Phishing Website Detection using Visual Cryptography (VC) and Quick Response Code (QR Code) Dhanashree Moholkar Department of Computer Engineering Bharati Vidyapeeth College of Engineering for Women, Pune 411043, India Namrata Kadam Department of Computer Engineering Bharati Vidyapeeth College of Engineering for Women, Pune 411043, India Damini Deokar Department of Computer Engineering Bharati Vidyapeeth College of Engineering for Women, Pune 411043, India Ashwini Kute Department of Computer Engineering Bharati Vidyapeeth College of Engineering for Women, Pune 411043, India Sonali Kadam Department of Computer Engineering Bharati Vidyapeeth College of Engineering for Women, Pune 411043, India ABSTRACT Phishing is an attack by a group or an individual to misuse personal information such as passwords, credit card information etc. for identity theft, financial gain and other fraudulent activities. In this paper image based (QR codes) authentication using Visual Cryptography (VC) is used. Visual cryptography is explored to convert the QR code into two shares and both these shares can then be transmitted separately. One Time Passwords (OTP) is passwords which are valid only for a session to validate the user within a specified amount of time. In this paper we are doing comparison of our paper with the existing system and show how our method is more efficient and also show our results. General Terms Visual cryptography, Grayscale, Threshold algorithm. Keywords OTP, Phishing, QR code, Shares, Visual Cryptography . 1. INTRODUCTION As mentioned in our previous paper named „An Modern approach for detecting web phishing using VC and QR code‟ the concept of VC, it mentions its algorithm too. Another paper „An improved secure banking using QR codes‟ presents the design and implementation of QRP, an open source, proof-of-concept authentication system that uses a two-factor authentication by combining a password and a camera-equipped mobile phone, acting as an authentication token. Registration: This part is not implemented as the paper is only intended to present an authentication method. The following steps are a suggestion on how to complete the registration process: 1. The user would go into the registration section in the QRP web application and would submit her username, password and IMEI number1 of the phone she intends to use to authenticate. 2. After validating the data entered (correct IMEI, password complex enough,etc.), the server would store this information on the database. 3. Next, the server would generate a private and public pair of keys unique to the user, that would be stored on the server. 4. After this, the user would proceed to download and install the application on her phone. through a https request to the application server. 5. The first time the mobile application is run, the user will need to enter her username and password (the IMEI can be verified by the mobile application) and the credentials (user/password) would be validated against the database through a https request to the application server. 6. If successful, three files would be imported and stored in the user's phone internal storage: the server's public key, the user's private key and a user data file, containing the user's encrypted credentials. The server's public key will be used to decrypt the credentials file. The user's private key will be used to authenticate in the server. Authentication: When the user opens the mobile application, she will need to input the password first. It will be verified against the user's encrypted file containing the credentials and if successful, the scanning application will run. The user can now proceed to scan the code from the web application screen. The contents of the QR code will be captured and sent back to our mobile application. Our mobile application will then generate a string containing the captured random number and the IMEI of the phone, that will be encrypted using our private key. Next, the mobile application will check the state of the phone and decide whether we are going to authenticate in online or offline mode. 2. PROPOSED SYSTEM In Proposed System Quick Response Code (QR) codes and Visual Cryptography (VC) are merged together. Here anti phishing framework based on QR code and visual cryptography is used to solve the Image based authentication is used. Visual Cryptography is used to decompose an image (QR) into shares. Original QR image is revealed by combining the appropriate image shares. It helps in preventing the password and other confidential information