Multilayer Approach to Defend Phishing Attacks

TL;DR

This paper analyzes phishing characteristics through extensive spam data collection, revealing phishers' reliance on social engineering, and proposes a multilayer anti-phishing approach that significantly reduces false negatives and attacks.

Contribution

It introduces a novel multilayer anti-phishing methodology based on analysis of real spam data, improving detection effectiveness against dynamic phishing tactics.

Findings

Over 80% reduction in false negatives

More than 95% decrease in phishing attacks

Phishers mainly use social engineering techniques

Abstract

Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, phishing etc. Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we examine the characteristics of phishing and technology used by Phishers. In order to counter anti-phishing technology, phishers change their mode of operation; therefore a continuous evaluation of phishing only helps us combat phisher effectiveness. In our study, we collected seven hundred thousand spam from a corporate server for a period of 13 months from February 2008 to February 2009. From the collected data, we identified different kinds of phishing scams and mode of operation. Our observation shows that phishers are dynamic and depend more on social engineering techniques rather than software vulnerabilities. We believe that this study will develop more efficient anti-phishing methodologies. Based on our analysis, we developed an anti-phishing methodology and implemented in our network. The results show that this approach is highly effective to prevent phishing attacks. The proposed approach reduced more than 80% of the false negatives and more than 95% of phishing attacks in our network.