An integrated approach to detect phishing mail attacks: a case study

TLDR: An approach to create a resilient and effective method that uses fuzzy logic to quantify and qualify all the website phishing characteristics and factors in order to detect phishing websites to assess whether phishing activity is taking place or not is proposed.

Abstract: Phishing is a process of luring unsuspecting Internet users to a fake website by using authentic looking email and messages for fraudulent purposes. Most preferred way that the phishers employ to lure victims is through a mass email, constructed to look like an authentic message from a well-known company. Phishing website has its own technical and social problem with each other and being a very complicate and complex issue to understand and analyze, to till date there exist no known single silver bullet to solve it entirely. Here an approach to create a resilient and effective method is proposed that uses fuzzy logic to quantify and qualify all the website phishing characteristics and factors in order to detect phishing websites to assess whether phishing activity is taking place or not. The approach visualizes the webpage in three layers of which the first layer, Domain Name checker, is fully based on characteristics of hyperlinks, the second, Code Script Checker which checks out for the tricks of the attackers in a way how they use JavaScript to hide information from user, and potentially launch sophisticated attacks, and the last layer of our approach, Page Content Checker, checks for phishing site based on its sub criteria. Finally if any of them (with regards to the true one) is higher than its corresponding preset threshold then that webpage is reported as a phishing suspect.