Phishing Intelligence Using the Simple Set Comparison Tool

Phishing websites, phish, attempt to deceive users into exposing their passwords, user IDs, and other sensitive information by imitating legitimate websites, such as banks, product vendors, and service providers. Phishing investigators need fast automated tools to analyze the volume of phishing attacks seen today. In this paper, we present the Simple Set Comparison tool. The Simple Set Comparison tool is a fast automated tool that groups phish by imitated brand allowing phishing investigators to quickly identify and focus on phish targeting a particular brand. The Simple Set Comparison tool is evaluated against a traditional clustering algorithm over a month\u27s worth of phishing data, 19,825 confirmed phish. The results show clusters of comparable quality, but created more than 37 times faster than the traditional clustering algorithm. Keywords: phishing, phish kits, phishing investigation, data mining, parallel processin

Achieving a consensual definition of phishing based on a systematic review of the literature

Background:\ud Phishing is a widely known phenomenon, but currently lacks a commonly accepted definition. As a result, many studies about phishing use their own definition. The lack of a common definition prevents knowledge accumulation and makes analysing studies or aggregating data about phishing a difficult task.\ud Method:\ud To develop a definition, we used existing definitions as input and combined them using crime science theories as the theoretical framework. A systematic review of the literature up to August 2013 was conducted, resulting in 2458 publications mentioning the word phishing. All journal articles, together with both highly cited and recent conference papers were selected, giving a total of 536 peer-reviewed publications (22%) to be manually reviewed. This resulted in 113 distinct definitions to be analysed.\ud Results:\ud An analysis identified key concepts that were found in most definitions and formed the building blocks for a consensual definition. We propose a new definition that is based upon current ones, which defines phishing in a comprehensive way and - in our opinion - addresses all important elements of phishing: 'phishing is a scalable act of deception whereby impersonation is used to obtain information from a target'.\ud Conclusions:\ud A consensual definition allows future research to be aligned and it facilitates the interpretation and comparison of existing research. The findings suggest that the routine activity approach can be applied to the digital world. Finally, the 'scalability' concept of our definition provides a new theoretical notion to digital crime that is independent of the employed channel

Tutorial and Critical Analysis of Phishing Websites Methods

The Internet has become an essential component of our everyday social and financial activities. Internet is not important for individual users only but also for organizations, because organizations that offer online trading can achieve a competitive edge by serving worldwide clients. Internet facilitates reaching customers all over the globe without any market place restrictions and with effective use of e-commerce. As a result, the number of customers who rely on the Internet to perform procurements is increasing dramatically. Hundreds of millions of dollars are transferred through the Internet every day. This amount of money was tempting the fraudsters to carry out their fraudulent operations. Hence, Internet users may be vulnerable to different types of web threats, which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customers’ confidence in e-commerce and online banking. Therefore, suitability of the Internet for commercial transactions becomes doubtful. Phishing is considered a form of web threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain user’s confidential credentials such as usernames, passwords and social security numbers. In this article, the phishing phenomena will be discussed in detail. In addition, we present a survey of the state of the art research on such attack. Moreover, we aim to recognize the up-to-date developments in phishing and its precautionary measures and provide a comprehensive study and evaluation of these researches to realize the gap that is still predominating in this area. This research will mostly focus on the web based phishing detection methods rather than email based detection methods