A Large-Scale Analysis of Phishing Websites Hosted on Free Web Hosting Domains

Authors: Sayak Saha Roy, Unique Karanjit, Shirin Nilizadeh

While phishing attacks have evolved to utilize several obfuscation tactics to evade prevalent detection measures, implementing said measures often requires significant technical competence and logistical overhead from the attacker’s perspective. In this work, we identify a family of phishing attacks hosted over Free web-Hosting Domains (FHDs), which can be created and maintained at scale with very little effort while also effectively evading prevalent anti-phishing detection and resisting… 



Emerging phishing trends and effectiveness of the anti-phishing landing page

It is found that the anti-phishing landing page has been successful in training users on how to protect themselves from phishing attacks, and that phishers have started to modify their techniques by creating more legitimate-looking URLs and buying a large number of domains to increase their activity.

PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques against Browser Phishing Blacklists

PhishFarm, a scalable framework for methodically testing the resilience of anti-phishing entities and browser blacklists to attackers' evasion efforts, is presented; it can be extended to test future state-of-the-art evasion techniques used by malicious websites.

PhishPrint: Evading Phishing Detection Crawlers by Prior Profiling

This work built a novel, scalable, low-cost framework named PhishPrint to enable the evaluation of such web security crawlers against multiple cloaking attacks and found several previously unknown cloaking weaknesses across the crawler ecosystem.

Catching Classical and Hijack-Based Phishing Attacks

This work is the first to consider hijack-based phishing attacks and presents effective and comprehensive classifiers for both kinds of attacks, classical or hijacked, along with results of these classifiers and combination schemes on datasets extracted from several sources.

PhishInPatterns: measuring elicited user interactions at scale on phishing websites

An intelligent crawler that combines browser automation with machine learning methods to simulate user interactions with phishing pages and explore their UX and UI characteristics can help the community gain a more in-depth understanding of how web-based phishing attacks work from a user's perspective and can be used to inform the development of more accurate and robust phishing detectors.

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

CrawlPhish, a framework for automatically detecting and categorizing client-side cloaking used by known phishing websites, is presented, along with a proposed taxonomy of eight types of evasion across three high-level categories: User Interaction, Fingerprinting, and Bot Behavior.

PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists

It is shown that methodical long-term empirical measurements are an effective strategy for proactively detecting weaknesses in the anti-phishing ecosystem and that enhanced protections on mobile devices and the expansion of evidence-based reporting protocols are critical ecosystem improvements that could better protect users against modern phishing attacks.

PhishNet: Predictive Blacklisting to Detect Phishing Attacks

The system exploits the observation that attackers often employ simple modifications to URLs to evade blacklisting, and proposes five heuristics to enumerate simple combinations of known phishing sites to discover new phishing URLs.

On Effectiveness of Source Code and SSL Based Features for Phishing Website Detection

This paper extracts the relevant rules based on webpage source code and Secure Sockets Layer (SSL) based features from a training dataset using the Repeated Incremental Pruning to Produce Error Reduction (RIPPER) algorithm and shows that these rules can identify phishing websites with an accuracy of 0.92.

A Methodical Overview on Phishing Detection along with an Organized Way to Construct an Anti-Phishing Framework

  • Srushti Patil, Sudhir Dhage
  • Computer Science
    2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS)
  • 2019
A focused literature survey of methods available to detect phishing websites, which also analyzes the URL-based features used in the past to improve their definitions as per the current scenario, which is a major contribution.