Detecting Phishing Sites Using URLs Collected from Emails


Article Preview

Phishing is the malicious behavior of stealing personal information from computer users. It is a very popular account-theft-method among cyber criminals. Hence, developing a new approach to solve phishing attacks becomes an important issue. This paper proposes a router-based solution, called Shark, to phishing attacks. The router-based property allows Shark to protect a whole network without the need to install or maintain any software in any internal host. Based on the URLs collected from emails and the properties of the web pages pointed by these URLs, Shark quickly and automatically identifies phishing web pages. Experimental results demonstrate that Shark installed on a Linux edge router can accurately detect and attack phishing sites with low false positives and false negatives. And even though a false positive occurs, erroneous counterattacks do not influence the normal operations of legal web sites.



Edited by:

Chien-Hung Liu




C. S. Wang et al., "Detecting Phishing Sites Using URLs Collected from Emails", Applied Mechanics and Materials, Vols. 479-480, pp. 916-922, 2014

Online since:

December 2013




[1] Gartner Press Release, Gartner Says Number of Phishing Attacks on U.S. Consumers Increased 40 Percent in 2008, " http: /www. gartner. com/it/page. jsp, id=936913.

[2] Yue Zhang, Jason Hong, Lorrie Cranor, CANTINA: A Content-Based Approach to Detecting Phishing Web Sites, the 16th International World Wide Web Conference (WWW 2007), Banff, Alberta, Canada, May, (2007).


[3] Anti Phishing Working Group, Phishing Activity Trends Report, Q4 2009, 2010. http: /www. antiphishing. org/reports/apwg_report_Q4_2009. pdf.

[4] D. Kevin McGrath, Minaxi Gupta, Behind Phishing: An Examination of Phisher Modi Operandi, in Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, San Francisco, CA, April, (2008).

[5] Domain Name System Blacklists, http: /www. dnsbl. info.

[6] Ian Fette, Norman Sadeh, Anthony Tomasic, Learning to Detect Phishing Emails, ISRI Technical Report, CMU-ISRI-06-112, 2006. http: /reportsarchive. adm. cs. cmu. edu/anon/isri2006/abstracts/06-112. html.


[7] Google Safe Browsing, http: /www. google. com/tools/firefox/safebrowsing.

[8] Netcraft anti-phishing tool bar, http: /toolbar. netcraft. com.

[9] Phishing Filter for Internet Explorer 7, http: /www. ie-vista. com/phishing. html.

[10] SpoofGuard, http: /crypto. stanford. edu/SpoofGuard.

[11] R. Dhamija, J. D. Tygar, and M. Hearst, Why Phishing Works, in Proceedings of the Conference on Human Factors in Computing Systems, Montreal, Canada, ACM Press, (2006).


[12] Min Wu, Robert C. Miller and Simson L. Garfinkel, Do Security Toolbars Actually Prevent Phishing Attacks?, In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI2006), Montreal, Quebec, Canada, April, (2006).


[13] L. Page, S. Brin, R. Motwani, and T. Winograd, The PageRank Citation Ranking: Bringing Order to the Web, technical report, Stanford Digital Library Technologies Project, (1998).

[14] Rachna Dhamija, J. D. Tygar, The battle against phishing: Dynamic Security Skins, ', in Proceedings of the symposium on Usable privacy and security, Pittsburgh, Pennsylvania, (2005).


[15] Ashwani Mishra, ``Global loss from phishing estimated at $1 billion, Nov 15, 2011, http: /www. cxotoday. com/story/global-loss-from-phishing-estimated-at-1-billion.

[16] C. Ludl, S. McAllister, E. Kirda, and C. Kruegel, ``On the Effectiveness of Techniques to Detect Phishing Sites, the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2007), pages 20–39, July (2007).


[17] S. Garera, N. Provos, M. Chew, and A. D. Rubin, A Framework for Detection and Measurement of Phishing Attacks, ', 2007 ACM workshop on Recurring Malcode (WORM 2007), pages 1–8, Nov. (2007).


[18] PhishTank, http: /www. phishtank. com.

[19] Alexa Internet, http: /www. alexa. com.

[20] Colin Whittaker, Brian Ryner, Marria Nazif, Large-Scale Automatic Classification of Phishing Pages, " NDSS , 10, (2010).

[21] Greg Aaron The state of phishing, Computer Fraud & Security, Volume 2010, Issue 6, June 2010, Pages 5-8.

[22] Steve Sheng, Brad Wardman, Gary Warner, Lorrie Faith Cranor, Jason Hong and Chengshan Zhang, An Empirical Analysis of Phishing Blacklists, " in Proceedings of CEAS, 09, Mountain View, CA, USA, July (2009).

[23] The Apache SpamAssassin Project, http: /spamassassin. apache. org.

[24] B. Leiba and N. Borenstein, A multifaceted approach to spam reduction, in Proceedings of the First Conference on Email and Anti-Spam (CEAS), Mountain View, CA, (2004).

[25] I. Rigoutsos and T. Huynh, Chung-kwei: a pattern-discovery-based system for the automatic identification of unsolicited e-mail messages (spam), in Proceedings of the First Conference on Email and Anti-Spam (CEAS), Mountain View, CA, (2004).

[26] T. Meyer and B. Whateley, Spambayes: Effective open-source, bayesian based, email classification system, in Proceedings of the First Conference on Email and Anti-Spam (CEAS), Mountain View, CA, (2004).