Approaches to Phishing Identification Using Match and Probabilistic Digital Fingerprinting Techniques

Phishing is a malicious form of Internet fraud with the aim to steal valuable information such as credit cards, social security numbers, and account information. This is accomplished primarily by crafting a faux online presence to masquerade as a legitimate institution and soliciting information from unsuspecting customers. Phishing attacks involving websites are among the most commonplace and effective types of online fraud, having the potential to cost both victims and targeted organizations in privacy, reputation, and monetarily. Due to the malicious nature of phishing attacks, identifying them bears higher demands in detection than filtering spam or other nuisance content. This paper establishes some requirements for phishing identification and explains various approaches to detection by looking for copying of web site layout and structure through source code (and optionally image) fingerprinting. This enables us to perform a number of exact-match comparisons to genuine websites or to other known attacks. Lastly, we also explore techniques to correlate different attacks to a single likely source.