A layout-similarity-based approach for detecting phishing pages

Rosiello, Angelo P. E.; Kirda, Engin; Kruegel, Christopher; Ferrandi, Fabrizio

doi:10.1109/seccom.2007.4550367

Cited by 101 publications

(54 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A number of approaches has been proposed by the research community to protect users from phishing attacks, which vary from user awareness surveys to experiments of the effectiveness of current security mechanisms and proposals of novel ones. More specifically, the work in Banu et al (2013), Rosiello et al (2007) and Rani and Dubey (2014) focuses on phishing with regards to its properties, characteristics, attack types, and available counter-measures. Authors in Rani and Dubey (2014), Jansson and Von Solms (2013) present a survey on user training methods, as well as their effectiveness against phishing attacks.…”

Section: Phishingmentioning

confidence: 99%

Security Busters: Web browser security vs. rogue sites

Virvilis

Mylonas

Tsalis

et al. 2015

Computers & Security

View full text Add to dashboard Cite

Android iOS Malware Mobile device Phishing Smartphone Security Windows Web browser a b s t r a c t URL blacklists are used by the majority of modern web browsers as a means to protect users from rogue web sites, i.e. those serving malware and/or hosting phishing scams.There is a plethora of URL blacklists/reputation services, out of which Google's Safe Browsing and Microsoft's SmartScreen stand out as the two most commonly used ones.Frequently, such lists are the only safeguard web browsers implement against such threats. In this paper, we examine the level of protection that is offered by popular web browsers on iOS, Android and desktop (Windows) platforms, against a large set of phishing and malicious URL. The results reveal that most browsers e especially those for mobile devices e offer limited protection against such threats. As a result, we propose and evaluate a countermeasure, which can be used to significantly improve the level of protection offered to the users, regardless of the web browser or platform they are using.

show abstract

Section: Phishingmentioning

confidence: 99%

Security Busters: Web browser security vs. rogue sites

Virvilis

Mylonas

Tsalis

et al. 2015

Computers & Security

View full text Add to dashboard Cite

show abstract

“…AntiPhish [19] tracks sensitive information and informs the user whenever those are given to any untrusted website. DOMAntiPhish [33] alerts the user whenever she visits a phishing site with a layout similar to a trusted website. All these solutions help in preventing that the user is deceived in trusting a site similar to a known site she used in the past, but they do not prevent against other categories of scams, such as fake pharmacies and rogue antiviruses [7,39].…”

Section: Related Workmentioning

confidence: 99%

Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection

Corbetta

Invernizzi

Kruegel

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. With JavaScript and images at their disposal, web authors can create content that is immediately understandable to a person, but is beyond the direct analysis capability of computer programs, including security tools. Conversely, information can be deceiving for humans even if unable to fool a program. In this paper, we explore the discrepancies between user perception and program perception, using content obfuscation and counterfeit "seal" images as two simple but representative case studies. In a dataset of 149,700 pages we found that benign pages rarely engage in these practices, while uncovering hundreds of malicious pages that would be missed by traditional malware detectors. We envision that this type of heuristics could be a valuable addition to existing detection systems. To show this, we have implemented a proofof-concept detector that, based solely on a similarity score computed on our metrics, can already achieve a high precision (95%) and a good recall (73%).

show abstract

“…Several approaches have been proposed to detect phishing sites such as analyzing page content, layout, and other anomalies [22,26,31]. In addition, studies have analyzed the modus operandi of the criminal operations behind phishing [23], and the effectiveness of phishing defenses [25].…”

Section: Related Workmentioning

confidence: 99%

The Underground Economy of Fake Antivirus Software

Stone-Gross

Abman

Kemmerer

et al. 2012

Economics of Information Security and Privacy III

Self Cite

View full text Add to dashboard Cite

Fake antivirus (AV) programs have been utilized to defraud millions of computer users into paying as much as one hundred dollars for a phony software license. As a result, fake AV software has evolved into one of the most lucrative criminal operations on the Internet. In this paper, we examine the operations of three large-scale fake AV businesses, lasting from three months to more than two years. More precisely, we present the results of our analysis on a trove of data obtained from several backend servers that the cybercriminals used to drive their scam operations. Our investigations reveal that these three fake AV businesses had earned a combined revenue of more than $130 million dollars.A particular focus of our analysis is on the financial and economic aspects of the scam, which involves legitimate credit card networks as well as more dubious payment processors. In particular, we present an economic model that demonstrates that fake AV companies are actively monitoring the refunds (chargebacks) that customers demand from their credit card providers. When the number of chargebacks increases in a short interval, the fake AV companies react to customer complaints by granting more refunds. This lowers the rate of chargebacks and ensures that a fake AV company can stay in business for a longer period of time. However, this behavior also leads to unusual patterns in chargebacks, which can potentially be leveraged by vigilant payment processors and credit card companies to identify and ban fraudulent firms.

show abstract

A layout-similarity-based approach for detecting phishing pages

Cited by 101 publications

References 10 publications

Security Busters: Web browser security vs. rogue sites

Security Busters: Web browser security vs. rogue sites

Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection

The Underground Economy of Fake Antivirus Software

Contact Info

Product

Resources

About