PHONEY: mimicking user response to detect phishing attacks

Phishing scams pose a serious threat to end-users and commercial institutions alike. Email continues to be the favorite vehicle to perpetrate such scams mainly due to its widespread use combined with the ability to easily spoof them. Several approaches, both generic and specialized, have been proposed to address this problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. In this paper we propose a novel approach to detect phishing attacks using fake responses which mimic real users, essentially, reversing the role of the victim and the adversary. Our prototype implementation called PHONEY, sits between a user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving email for phishing attacks. Using live email data collected over a period of eight months we demonstrate data that our approach is able to detect a wider range of phishing attacks than existing schemes. Also, the performance analysis study shows that the implementation overhead introduced by our tool is very negligible