Carnegie Mellon University
Phishing attacks are a significant threat to users of the internet, causing tremendous economic loss every year. In combating phish, industry relies heavily on manual verification to achieve a low false positive rate, which, however, tends to be slow in responding to the huge volume of unique phishing URLs created by toolkits. The authors' goal here is to combine the best aspects of human verified blacklists and heuristic-based methods, i.e., the low false positive rate of the former and the broad coverage of the latter. To that end, they present the design and evaluation of a hierarchical blacklist-enhanced phish detection framework.