MDMap: Assisting Users in Identifying Phishing Emails

Email-based online phishing is one of the key security threats that greatly deteriorate the trustworthiness of the Internet. Although many spam filters have been developed and deployed, a non-negligible number of phishing emails still sneak into users’ inboxes each day. Phishing emails often contain suspicious information that separate them from the legitimate ones; however, average non-expert email users are not acquainted with the details of the Internet email system so as to identify the suspicious information in phishing emails. In this paper we develop a simple yet effective system named MDMap to assist email users in identifying phishing emails. MDMap reveals suspicious information in phishing emails in an intuitive and sensible manner. In particular, in addition to other features, MDMap provides a geographical map showing the message delivery path of an email, which helps to caution the user if the email has been originated from or traversed a suspicious region. In this paper we present the design and development of MDMap and perform a preliminary experiment to illustrate the usefulness of MDMap using real-world phishing emails.