Revealing Phishers
A new approach ­reliably identifies fraudulent websites.

Source: “Fighting Phishing with Discriminative Keypoint Features”
Kuan-Ta Chen et al.
IEEE Journal of Internet Computing 13(3): 56-63

Results: Software designed by researchers at the Academia Sinica in Taiwan can recognize websites designed to trick people into revealing information such as passwords and bank-account numbers, a scam known as phishing. In tests, the system recognized these sites between 95 and 98 percent of the time.

Why it matters: It’s been estimated that phishing costs Americans a billion dollars a year or more. Methods for identifying phishing sites have been developed, but existing techniques don’t catch them all. The new approach promises to identify these sites more reliably.

Methods: Because phishers usually try to fool users with fake Web pages that look like genuine pages from eBay, PayPal, or some other target site, the researchers focused on a page’s appearance rather than its content. Their system examines common target sites and identifies “keypoints”–points in an image that can still be recognized even if the scammer changes colors or adds distracting elements. It then compares new sites that a user visits with the pattern of keypoints on common target pages. If the patterns prove too similar, the pages are flagged as possible phishing sites.

Next steps: The researchers are developing a browser plug-in that uses their system to warn people when they may have reached a phishing site.