Phishing is a serious computer security threat. Phishing involves an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity (e.g., eBay, PayPal, a known bank) in an electronic communication. Phishing is typically carried out by email or instant messaging, and directs users to enter details at a fraudulent website which is disguised to look legitimate. Once the user enters the personal information, it is used for fraudulent purposes such as identity theft.
Anti-phishing software packages exist today, which employ various technical solutions to detect and block phishing attacks. Such anti-phishing solutions attempt to identify websites that users are being directed towards in electronic communications, and distinguish between legitimate and fraudulent websites. An electronic communication encouraging a user to link to a non-legitimate website can be identified as a phishing attack.
Unfortunately, phishing attacks are becoming ever more sophisticated, and consequently phishing web sites are becoming progressively more difficult to programmatically detect. Phishing groups such as Rock Phish are increasingly using more advanced techniques such as enterprise style failover and redundancy. These strategies ensure maximum uptime of their fraudulent web sites, while also reducing the ability to detect their attacks. One weakness still present in these techniques is their rampant use of throw-away domain names. These and other phishing techniques frequently change the fraudulent domains that they utilize to attempt to trick users into entering personal information.
It would be desirable to be able to reliably detect more types of phishing attacks, including those utilizing enterprise style failover and redundancy techniques.