Feeding Phishers

Lynch, Nicholas J

01 July 2009

Phishing campaigns continue to deceive users into revealing their credentials, despite advancing spam filters, browser and toolbar warnings, and educational efforts. Recently, researchers have begun investigating how fake credentials --- or honeytokens --- can be used to detect phishing sites and protect users. BogusBiter, one such work, creates sets of honeytokens based on users' real credentials and sends them alongside real user submissions to phishing sites. In this paper, we present Phish Feeder, an anti-phishing tool which extends the BogusBiter honeytoken generation algorithm in order to create more realistic and authentic-looking credentials. Phish Feeder also employs a ``honeytoken repository'' which stores generated credentials and provides a lookup service for legitimate sites that encounter invalid credentials. The Phish Feeder client is implemented as a Firefox extension and the repository is implemented as a Java web application. We compare the effectiveness of the Phish Feeder generation algorithm to that of the previous work and find that it is up to four times as effective at hiding real users' credentials within a set. Furthermore, we find that Phish Feeder introduces only negligible overhead during normal browsing, and a low overhead during credential creation and submission.

phishing

identity theft

honeytokens

fake credentials

browser extension

Other Computer Sciences