How to catch phish

A practical anti-phishing tool for the Internet can secure electronic communications, enhance confidence in e-commerce sites, and reduce consumer and business financial losses.

‘Phishing’ is a slightly droll label for an unfunny problem: counterfeit websites with fake login screens that can fool even the very technology-literate and harvest real online logins.

Researchers at Universiti Malaysia Sarawak have designed a tool called PhishWHO, which, although still under development, outperforms current anti-phishing detection tools.

In mid-2014, a security group compiled a non-exhaustive list of more than 42,000 phishing websites on the Internet. In that year alone, Internet hackers used phishing attacks to trick online users into giving up credit card numbers, passwords and account identities, then used them to steal an estimated $453 million worldwide.

Stolen login passwords for email, social networking sites or bank accounts become the first step in a process of identity theft, in which criminals gain access to bank accounts, credit card numbers or personal secrets and use them to siphon money from the people who have it to the criminal hackers who want it. Security organizations say the threat is growing.

Phishers usually hoodwink people into going to these websites with spammed emails that threaten account closures or arrest for illegal behaviour, then invite them to click on a fraudulent link to solve the issue. The link, doctored to look real, sends the victim to a website that also looks real and deceives them into entering sensitive information.

Currently available anti-phishing tools are often Internet browser plug-ins such as Google Safe Browsing or PhishTank, which refer to constructed blacklists to detect bad sites. But if a phishing site has not yet been entered on the blacklist, such plug-ins cannot detect it.

When PhishWHO, on the other hand, ‘sees’ an input field on a linked web page, it starts a complex but rapid process that finds the real website in order to compare what the researchers call ‘identity markers’ on it with those of the linked site.

PhishWHO works by parsing differences between actual web pages and their phishing lookalikes in real time. Several check modules running in parallel can determine if a website is real, since cloned websites that look real differ from genuine ones in other characteristics that generate the unique identity markers.

Because many phishing websites also infect every visitor’s computer with malware, PhishWHO may best be used as a module in antivirus software that can protect against such attacks.

Did you know?
A typical Internet user is often unaware of the meaning of common browser security indicators, such as the Secure Sockets Layer (SSL) icon and digital certificates on the browser address bar. Even tech-savvy users who are aware of phishing scams can only successfully detect a phishing page slightly more than half the time.

Further information

Choon Lin Tan
Faculty of Computer Science and Information Technology
Universiti Malaysia Sarawak

Dr Chiew Kang Leng
Faculty of Computer Science and Information Technology
Universiti Malaysia Sarawak

Published: 04 Apr 2017

Contact details:

Universiti Malaysia Sarawak
94300 Kota Samarahan
Sarawak, Malaysia