We have also combined some of the features used in PhishPatrol with other approaches to detect phishing Web sites. Jason Hong has been leading our group’s development of a tool called CANTINA, which analyzes the content of a Web page in combination with other heuristics to determine whether or not the page is part of a phishing site. CANTINA first employs a well-known information-retrieval algorithm to identify five terms that are important on a given Web page but relatively uncommon on the Internet overall. For example, on an eBay log-in page, this “lexical signature” might be, “eBay, user, sign, help, forgot.” If you were to search for these five terms using Google, the legitimate eBay log-in page would appear among the top search results. Phishing Web sites that have replicated the eBay log-in page are unlikely to appear because one of the criteria Google’s proprietary algorithm uses in ranking a Web page is the number of links to it from other pages on the Internet, so legitimate pages are more likely to be in the top results. This approach is not foolproof, however, especially if a legitimate site was recently created; thus, it is only one of several features that CANTINA considers in assessing a Web site.
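The lexical-signature check described above can be sketched as follows; this is an added example, not CANTINA's own code. It assumes TF-IDF as the information-retrieval algorithm, compares exact hostnames, and uses hypothetical function names, a constructed background corpus, and a stubbed search function in place of a real search engine.

```python
import math
import re
from collections import Counter
from urllib.parse import urlparse

STOPWORDS = {"to", "your", "in", "the", "a", "and", "of", "for", "our", "an", "up"}

def tokenize(text):
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOPWORDS]

def lexical_signature(page_text, corpus, k=5):
    """Top-k terms by TF-IDF: frequent on this page, rare in the background corpus."""
    tf = Counter(tokenize(page_text))
    doc_terms = [set(tokenize(doc)) for doc in corpus]

    def score(term):
        df = sum(term in terms for terms in doc_terms)
        return tf[term] * math.log((len(corpus) + 1) / (df + 1))  # smoothed IDF

    return sorted(tf, key=lambda t: (-score(t), t))[:k]

def host_in_top_results(page_url, result_urls, top_n=10):
    """True if the page's hostname is among the first top_n hits (cutoff is assumed)."""
    host = urlparse(page_url).hostname
    return any(urlparse(u).hostname == host for u in result_urls[:top_n])

def signature_check(page_url, page_text, corpus, search):
    """One feature among several: True means the page failed the search check."""
    signature = lexical_signature(page_text, corpus)
    return not host_in_top_results(page_url, search(signature))

# Constructed sample data (not real crawl or search output).
LOGIN_TEXT = ("Welcome to eBay. Sign in to your eBay account. New user? "
              "Forgot your user ID? Forgot your password? Sign in help. eBay help.")
CORPUS = [
    "Welcome to our new online store. Create an account and password to shop.",
    "Welcome back. Enter your account id and password to view your bank statement.",
    "New recipes every week. Sign up for our newsletter.",
    "Help wanted: new account manager. Send your id to apply.",
]

def fake_search(terms):
    # Hypothetical stand-in for a search engine query; returns ranked URLs.
    return ["https://signin.ebay.com/", "https://www.ebay.com/help",
            "https://en.wikipedia.org/wiki/EBay"]

if __name__ == "__main__":
    print(lexical_signature(LOGIN_TEXT, CORPUS))
    for url in ("https://signin.ebay.com/login", "http://ebay-signin.example.net/login"):
        print(url, "flagged:", signature_check(url, LOGIN_TEXT, CORPUS, fake_search))
```

A recently created legitimate site would also fail this check, which is why the result is treated as a single feature rather than a verdict.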
The Evolving Threat



