Geo-Phisher: The Design of a Global Phishing Trend Visualization Tool

Phishing is a significant type of internet crime that tricks users into giving up their personal and financial information. To combat phishing, browser manufacturers, software vendors, and organizations have compiled repositories of phishing URLs (blacklists). These lists enable the analysis of reported phishing attacks to be shared among antiphishing communities to gain awareness of evolving phishing trends. For example, during the third quarter of 2014, the Anti-Phishing Working Group (APWG) received approximately 50,000 unique phishing e-mail reports from consumers monthly, targeting more than 500 unique brands [1]. This data is analyzed and released as a quarterly report. To assist in the analysis of phishing blacklist data, we propose an information visualization tool called Geo-Phisher (available online at [4]). The application features a scatterplot map interface that plots the temporal and geographical information of phishing URLs. Applied to blacklist data from the APWG [3], the prototype reveals several interesting patterns in hosting locations of phishing URLs and distributions of the top phished brands across the globe.