A Phishing Model and Its Applications to Evaluating Phishing Attacks
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. In this paper, the authors present a theoretical yet practical model for studying this threat formally. It is folklore knowledge that a successful phishing attack entails creating messages that the intended victim cannot distinguish from the natural, expected messages, but this concept has not been formalized. Their model captures phishing in terms of this indistinguishability between the natural and phishing message distributions. To the best of their knowledge, this is the first study that places phishing within a concrete theoretical framework and offers a new perspective for analyzing this threat.