Due to rapid development of computer technologies and networks, the problem of detecting phishing services and resources, such as web sites, web pages, applications, including mobile (Android, iOS, etc.) applications, is becoming increasingly important, since it is necessary to protect users from Internet-based fraud. Phishing is a special form of Internet based fraud, particularly, the attempt to obtain sensitive data of the users, such as their logins, passwords, credit card details (PINs, expiry dates, CVV2/CVC2 codes, numbers, card holder names), phone numbers, code words, confirmation codes (e.g. for money transfers or payments), etc.
Phishing resources, particularly, web sites or pages, are fake resources, i.e. fake web sites or pages, that mimic the appearance of a known/original resource. For instance, phishing (fake) web pages may mimic the appearance of an original web page of a bank, an e-payment system, or a login page, etc., especially one that requires the user to input confidential or sensitive data, or some other information that is valuable for the user (their clients, friends, relatives, etc.) and/or offenders. These phishing web pages (resources) are created by the offenders (fraudsters) to obtain sensitive data of web site users/visitors.
The data collected through phishing (phishing attacks) may be then used by the offenders, e.g. in order to steal money from a credit card (specifically, through illegal withdrawal), or to extort money for restoring stolen logins and passwords (fraudsters change either part, so that the user is unable to access some resource), or to extort money for keeping some valuable information secret, etc.
Links to phishing resources may be sent in text messages, a practice that is also known as “SMiShing”. Also, links to phishing resources may be contained in mailing lists, on various web sites, including social network pages, or in computer programs, such as office applications, including mobile (Android, iOS, etc.) applications.
Currently, there are conventional technologies and methods for detecting phishing resources, e.g. web pages, through analysis of URL addresses by URL masks (URL—Uniform Resource Locator/Universal Resource Locator), of domain names by keywords, or through checking whether those pages upload contents from original web sites, or checking whether there are images associated with a certain brand (e g names/logos of banks, payment systems, resources, web sites, services, etc.), including the resource reputation. Such methods and technologies for countering phishing, Internet-based fraud and illegal access to sensitive information of users (visitors of web pages or users of applications, including mobile applications), and, particularly, methods and technologies for detecting phishing web pages may further comprise determining of domain name registration date (as well as its expiration date), or calculating hash values of web pages and comparing them to hash values that have been calculated earlier. Hash value (hash code, or simply hash) is a result of processing data with a hash function. A hash function is a function for translating an input array into a bit string of a fixed length using a given algorithm.