Hackers of India

SpotPhish: Zero-Hour Phishing Protection

By Ganesh Varadarajan on 01 Mar 2018 @ Nullcon

This talk covers the following tools, which the speaker has authored or contributed to:
SPOTPHISH

Abstract

Phishing and anti-phishing are locked in an arms race. Phishing attackers can automatically create thousands of custom pages and employ anti-blacklisting techniques to stay under the radar, while anti-phishing blacklists are necessarily a step behind. We propose a whitelist-based technique in the browser to address this gap and provide zero-hour phishing protection as a complement to the blacklist approach.

SpotPhish (https://spotphish.com) is an open-source browser extension that lets the user instantly identify a phishing situation by creating a conspicuous visual difference between whitelisted pages and phishing pages. This is done as follows:

Whitelisted pages are annotated with a personal image selected by the user. While navigating untrusted pages, we take screenshots of the active browser tab and raise an alarm if there is a visual resemblance to a whitelisted page. The comparison is done using computer vision techniques. User privacy is maintained as all processing is carried out within the browser. We are able to correctly flag 80% of the last 1000 valid phishing attacks on the top 3 domains in the PhishTank database.
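
The whitelist-then-resemblance decision described in the abstract, as an added example that is not SpotPhish's own code. An average hash over a grayscale thumbnail stands in for the computer-vision comparison, which this page does not specify; the function names, the distance threshold and the sample hosts are assumptions.

```javascript
// Added illustration, not SpotPhish source code. The average hash below is a
// stand-in for the unspecified computer-vision step; names and the threshold
// are assumptions.

// One bit per pixel of a small grayscale thumbnail (0-255): 1 if above the mean.
function averageHash(pixels) {
  const mean = pixels.reduce((a, b) => a + b, 0) / pixels.length;
  return pixels.map((p) => (p > mean ? 1 : 0));
}

function hammingDistance(a, b) {
  if (a.length !== b.length) throw new Error("hash length mismatch");
  return a.reduce((d, bit, i) => d + (bit !== b[i] ? 1 : 0), 0);
}

// whitelist: [{ host, hash }]; returns a verdict of "trusted", "alarm" or "unknown".
function classifyTab(url, screenshotPixels, whitelist, maxDistance = 10) {
  const host = new URL(url).hostname.toLowerCase();
  // Exact host match only, so a lookalike host never inherits trust.
  if (whitelist.some((w) => w.host === host)) return { verdict: "trusted", host };
  const hash = averageHash(screenshotPixels);
  let best = null;
  for (const w of whitelist) {
    const distance = hammingDistance(hash, w.hash);
    if (best === null || distance < best.distance) best = { host: w.host, distance };
  }
  // Looks like a whitelisted page but is served from another host: raise the alarm.
  if (best !== null && best.distance <= maxDistance) {
    return { verdict: "alarm", host, resembles: best.host, distance: best.distance };
  }
  return { verdict: "unknown", host };
}

// Constructed 8x8 thumbnails: dark header band over a lighter form area.
const loginPage = Array.from({ length: 64 }, (_, i) => (i < 16 ? 30 : i % 8 < 2 ? 200 : 120));
const clonedPage = loginPage.map((p, i) => (i % 9 === 0 ? p + 20 : p)); // slight noise
const otherPage = Array.from({ length: 64 }, (_, i) => (i % 2 ? 240 : 10));
const whitelist = [{ host: "bank.example", hash: averageHash(loginPage) }];

console.log(classifyTab("https://bank.example/login", loginPage, whitelist));
console.log(classifyTab("https://bank.example.evil.test/login", clonedPage, whitelist));
console.log(classifyTab("https://news.example/", otherPage, whitelist));
```

The whitelist check runs before any image comparison, so a genuine whitelisted page is never flagged for resembling itself.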