MobiFish: A lightweight anti-phishing scheme for mobile phones

Recent years have witnessed the increasing threat of phishing attacks on mobile platforms. In fact, mobile phishing is more dangerous due to the limitations of mobile phones and mobile user habits. Existing schemes designed for phishing attacks on computers/laptops cannot effectively address phishing attacks on mobile devices. This paper presents MobiFish, a novel automated lightweight anti-phishing scheme for mobile platforms. MobiFish verifies the validity of web pages and applications (Apps) by comparing the actual identity to the identity claimed by the web pages and Apps. MobiFish has been implemented on the Nexus 4 smartphone running the Android 4.2 operating system. We experimentally evaluate the performance of MobiFish with 100 phishing URLs and corresponding legitimate URLs, as well as fake Facebook Apps. The result shows that MobiFish is very effective in detecting phishing attacks on mobile phones.

[1]  Xuhua Ding,et al.  Anomaly Based Web Phishing Page Detection , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[2]  John C. Mitchell,et al.  Client-Side Defense Against Web-Based Identity Theft , 2004, NDSS.

[3]  Lorrie Faith Cranor,et al.  Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[4]  Hao Chen,et al.  iPhish: Phishing Vulnerabilities on Consumer Electronics , 2008, UPSEC.

[5]  Stephen Groat,et al.  GoldPhish: Using Images for Content-Based Phishing Analysis , 2010, 2010 Fifth International Conference on Internet Monitoring and Protection.

[6]  Lorrie Faith Cranor,et al.  Phinding Phish: Evaluating Anti-Phishing Tools , 2006 .

[7]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[8]  A. Porter Phishing on Mobile Devices , 2011 .

[9]  Rachel Greenstadt,et al.  PhishZoo: Detecting Phishing Websites by Looking at Them , 2011, 2011 IEEE Fifth International Conference on Semantic Computing.

[10]  Sadia Afroz,et al.  PhishZoo : An Automated Web Phishing Detection Approach Based on Profiling and Fuzzy Matching , 2009 .

[11]  Carolyn Penstein Rosé,et al.  CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites , 2011, TSEC.

[12]  David A. Wagner,et al.  Conditioned-safe ceremonies and a user study of an application to web authentication , 2009, NDSS.

[13]  Christopher Krügel,et al.  Protecting users against phishing attacks with AntiPhish , 2005, 29th Annual International Computer Software and Applications Conference (COMPSAC'05).

[14]  Niels Provos,et al.  A framework for detection and measurement of phishing attacks , 2007, WORM '07.

[15]  Markus Jakobsson,et al.  What Instills Trust? A Qualitative Study of Phishing , 2007, Financial Cryptography.