PhishZoo: An Automated Web Phishing Detection Approach Based on Profiling and Fuzzy Matching

Phishing is a web-based attack that uses social engineering techniques to exploit Internet users and acquire sensitive data. Most phishing attacks work by creating a fake version of the real site’s web interface to gain the user’s trust. Despite the fact that these phishing sites look identical or nearly identical to the real sites they imitate, user studies have shown that users ignore browser-based indicators and often use the appearance of a site to judge the authenticity of sites, just as they use the appearance of physical sites to judge their authenticity. This paper proposes a phishing detection approach—PhishZoo—that uses profiles of trusted websites’ appearances built with fuzzy hashing techniques to detect phishing. We evaluate our approach on over 600 phishing sites imitating 20 real sites and show that it provides similar accuracy to blacklisting approaches, with the advantage that it can classify new attacks and targeted attacks against smaller sites (such as corporate intranets). PhishZoo has the potential to have a beneficial impact on the phishing“arms race”by reducing the effectiveness of sites that look too much like the real sites and thus giving users a chance to detect sites that “look phishy.”