Presentation Material
Abstract
Phishing and anti-phishing are locked in an arms race. Phishing attackers can automatically create thousands of custom pages and employ anti-blacklisting techniques to stay under the radar, while anti-phishing blacklists are necessarily a step behind. We propose a whitelist-based technique in the browser to address this gap and provide zero-hour phishing protection as a complement to the blacklist approach.
SpotPhish (https://spotphish.com) is an open-source browser extension which enables the user to instantly identify a phishing situation by creating a conspicuous visual difference between whitelisted pages and phishing pages. This is done as follows:
Whitelisted pages are annotated with a personal image selected by the user. While navigating untrusted pages, we take screenshots of the active browser tab and raise an alarm if there is a visual resemblance to a whitelisted page. The comparison is done using computer vision techniques. User privacy is maintained as all processing is carried out within the browser. We are able to correctly flag 80% of the last 1000 valid phishing attacks on the top 3 domains in the PhishTank database.