Computer users are often victimized by phishing attacks, in which they unknowingly provide personal and confidential information to malicious websites. Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are commonly made by sending fraudulent emails or instant messages, and enticing users to click on a link and submit personal information to what appears to be a legitimate website.
Existing anti-phishing solutions use databases of known, active phishing sites in combination with end-user heuristic based techniques to determine whether a web site which is requesting information is trustworthy. Such database information is often not available to these solutions until hours or days after a phishing site goes live. The reason for this delay is that it often takes a period of time for a new phishing site to be discovered, and then for identifying information to be distributed to security software publishers and made available to their users. During this period of time, users may unknowingly expose their personal information to a malicious website without any warnings from their installed anti-phishing solution.
Additionally, heuristic detection approaches are becoming less effective as phishers become better at replicating original sites. Furthermore, phishing sites that do not imitate authentic sites, such as fake stores, are even more difficult to detect. Once a phishing site is discovered, new protections are provided to anti-phishing solutions to ensure users are protected until the site is shut down.
Because there can be a gap between the launch of a new phishing site and its detection, phishing attacks can succeed by producing a large number of phishing sites quickly, even where each site only collects confidential information concerning a few thousand users before being shut down. It would be desirable to robustly protect users from such phishing attacks.