PhishLurk : A Mechanism for Classifying and Preventing Phishing Websites

1. PhishLurk: A Mechanism for Classifying and Preventing Phishing Websites Master Project Proposal Mohammed Alqahtani

2. Mohammed Alqahtani/PhishLurk Outline of the Talk • Introduction • Motivation • Phishing Defense • Goals • Phishlurk • How PhishlurkWorks • Design Of PhishLurk • Tasks/Schedule • Deliverables • References

3. Mohammed Alqahtani/PhishLurk Introduction • What is Phishing ? • How Bad ? • In the U.S., companies lose more than $2 billion every year . • 7 of 10 users received phishing E-mail, are spoofed. • Why phishing works ? • Lack of Knowledge, carelessness, Visual Deception, and too many phishing attempts

4. Mohammed Alqahtani/PhishLurk Motivation • Existed solutions : • Use black listto filter phishing sites • Integrate filtering/alerting functions into browsers through plugs-ins, extensions and toolbar. • Users have varieties ways to access the internet • Different platforms: notebooks, handhelds, smartphones, etc. • Different computation capabilities and features • Existed phishing protection mainly support desktop. •  Expand the surface for phishing attackers and make it harder to provide protection

5. Mohammed Alqahtani/PhishLurk Related Work • PhishTank • Short note on what it is. Highlight the research results • Title of paper 1, authors, conf/journal, year • Short note on what it is. Highlight the research results • Title of paper 2 , authors, conf/journal, year • Short note on what it is. Highlight the research results • Title of paper 3 , authors, conf/journal, year • Short note on what it is. Highlight the research results

6. Mohammed Alqahtani/PhishLurk Locations for Implementing Phishing Defense • Browsers themselves • Browsers extensions or plug-ins [ref1, ref2] • Proxy server [Dansguardian] • Anti-phishing Server [author-year] • Anti-phishing Search Site. “my project falls in this category”.

7. Mohammed Alqahtani/PhishLurk Goals • Provide user protection againstphishing websites • Consume as little computation and screen resource as possible. • Categorize sites with different levels of risks.

8. Mohammed Alqahtani/PhishLurk Phishlurk • Uses PHP and CSS . • Classify and blocking phishing links. • Uses Phishtank’s blacklist. • Indicates the risk to users consume as less computation and screen recourses as possible. • Coloring scheme . • The process is done on the search server side. Users receive classified and protected links.

9. Mohammed Alqahtani/PhishLurk How Phishlurks Works? • Valid Phishing link (Red): • For links from confiirmedphishining sites. • Treatment: Disabled. Users will be blocked to access the links. • Unknown link (Orange): • For links that are suspicious. Might be potentially phishing, but not verified yet. • Treatment: Users can decide whether access or not. Phishlurkwarns about the impact or consequences.

10. Mohammed Alqahtani/PhishLurk How Phishlurks Works? Con’t • Unlikely link (Gray): • For links from Unknown sites and Unlikely to be a phishing link. • i.e. Official websites (.edu or .gov). • Treatment: • Maintains to be unlikely until the verification. • User can choose whether to access the link or not • Phishlurkwarn users to take the responsibility and that the link unlikely to be phishing. • Safe Link (Blue): • For links that are known to be safe. • user can access the link without triggering warning messages.. • PhishLurkreads and updates the blacklist periodically and automatically from the source “PhishTank.com”

11. Mohammed Alqahtani/PhishLurk Phishlurk’s Design

12. Mohammed Alqahtani/PhishLurk Tasks • Done already • In Progress

13. Mohammed Alqahtani/PhishLurk Deliverables

14. Mohammed Alqahtani/PhishLurk References • RachnaDhamija, J. D. Tygar, and Marti Hearst. 2006. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems (CHI '06), Rebecca Grinter, Thomas Rodden, Paul Aoki, Ed Cutrell, Robin Jeffries, and Gary Olson (Eds.). ACM, New York, NY, USA, 581-590. DOI=10.1145/1124772.1124861 http://doi.acm.org/10.1145/1124772.1124861. • Aaron Blum, Brad Wardman, ThamarSolorio, and Gary Warner. 2010. Lexical feature based phishing URL detection using online learning. In <em>Proceedings of the 3rd ACM workshop on Artificial intelligence and security</em> (AISec '10). ACM, New York, NY, USA, 54-60. DOI=10.1145/1866423.1866434 http://doi.acm.org/10.1145/1866423.1866434 • Gross, Ben. "Smartphone Anti-Phishing Protection Leaves Much to Be Desired | Messaging News." Messaging News | The Technology of Email and Instant Messaging. 26 Feb. 2010. Web. <http://www.messagingnews.com/story/smartphone-anti-phishing-protection-leaves-much-be-desired>. • ComScore, Inc. "Smartphone Subscribers Now Comprise Majority of Mobile Browser and Application Users in U.S." ComScore, Inc. - Measuring the Digital World. ComScore, Inc, 1 Oct. 2010. <http://www.comscore.com/Press_Events/Press_Releases/2010/10/Smartphone_Subscribers_Now_Comprise_Majority_of_Mobile_Browser_and_Application_Users_in_U.S>. • Entner, Roger. "Smartphones to Overtake Feature Phones in U.S. by 2011." Http://www.nielsen.com. Nielsen Wire, 26 Mar. 2010. Web. <http://blog.nielsen.com/nielsenwire/consumer/smartphones-to-overtake-feature-phones-in-u-s-by-2011/>. • Kerstein, Paul L. "How Can We Stop Phishing and Pharming Scams?" CSO Online - Security and Risk. CSO Magazine - Security and Risk, 19 July 2005. Web. <http://www.csoonline.com/article/220491/how-can-we-stop-phishing-and-pharming-scams->.

15. Mohammed Alqahtani/PhishLurk References • OpenDNS, LLC. PhishTank: an Anti-phishing Site. [Online]. http://www.phishtank.com. • Joshi, Y.; Saklikar, S.; Das, D.; Saha, S.; , "PhishGuard: A browser plug-in for protection from phishing," Internet Multimedia Services Architecture and Applications, 2008. IMSAA 2008. 2nd International Conference on , vol., no., pp.1-6, 10-12 Dec. 2008 doi: 10.1109/IMSAA.2008.4753929, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4753929&isnumber=4753904 • PhishTank - Statistics about phishing activity and PhishTank usage , http://www.phishtank.com/stats.php • PhishTank, Friends of PhishTank, http://www.phishtank.com/friends.php • SmartScreen Filter: Frequently Asked Questions." Windows Home - Microsoft Windows. <http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9>. • "SmartScreen Filter - Microsoft Windows." Windows Home - Microsoft Windows. Web. <http://windows.microsoft.com/en-US/internet-explorer/products/ie-9/features/smartscreen-filter>. • Apple - Safari - Learn about the Features Available in Safari." Apple. <http://www.apple.com/ca/safari/features.html>. • TECH.BLORGE- Top Technology news, Paypal warns buyers to avoid Safari browser from Apple - <http://tech.blorge.com/Structure:%20/2008/02/28/paypal-warns-buyers-to-avoid-safari-browser-from-apple/ > • "Firefox 2 Phishing Protection Effectiveness Testing." Home of the Mozilla Project. <http://www.mozilla.org/security/phishing-test.html>. • "AVIRA News - Anti-Virus Users Are Restless, Avira Survey Finds." Antivirus Software Solutions for Home and for Business. <http://www.avira.com/en/press-details/nid/482/>. • ChuanYue and Haining Wang. 2010. BogusBiter: A transparent protection against phishing attacks. ACM Trans. Internet Technol. 10, 2, Article 6 (June 2010), 31 pages. DOI=10.1145/1754393.1754395 http://doi.acm.org/10.1145/1754393.1754395 • RachnaDhamija and J. D. Tygar. 2005. The battle against phishing: Dynamic Security Skins. In Proceedings of the 2005 symposium on Usable privacy and security (SOUPS '05). ACM, New York, NY, USA, 77-88. DOI=10.1145/1073001.1073009 http://doi.acm.org/10.1145/1073001.1073009