A Framework for Detection and Measurement of Phishing Attacks

Phishing is form of identity theft that combines social engineering techniques and sophisticated attack vectors to harvest financial information from unsuspecting consumers. Often a phisher tries to lure her victim into clicking a URL pointing to a rogue page. This paper focuses on studying the structure of URLs employed in various phishing attacks. It finds that it is often possible to tell whether or not a URL belongs to a phishing attack without requiring any knowledge of the corresponding page data. It describes several features that can be used to distinguish a phishing URL from a benign one. These features are used to model a logistic regression filter that is efficient and has a high accuracy.