Phishing is a fraudulent activity that attempts to elicit personal, confidential, and/or financial information from unwitting victims. Phishing generally entails sending large numbers of electronic messages that fraudulently claim to be from a legitimate organization instructing the recipient to click on a link that leads to an official-looking yet bogus website. Once there, the user is encouraged to input confidential information such as credit card, Social Security, and bank-account numbers. The electronic message and the bogus website typically appear authentic, and may convey a message such as “the bank has lost some records and needs to verify information.” The site typically includes an electronic form into which the user is directed to enter the requested information. The form, while official looking and seemingly addressed to a legitimate organization, channels the information to a third party, who misappropriates the confidential information.
The frequency of phishing campaigns is increasing at a dramatic and alarming rate. To illustrate just how clever phishing attacks can be, consider the phishing of PayPal®. Instead of using the letter “1” in PayPal®, the perpetrator used a san serif numeral “1,” which looks the same. Despite the deceptive technique being right in front of the analysts from the beginning, the scam took several days to identify and resolve. Phishing is as much an attack of con artists as it is of hackers.
Counter measures to protect users from phishing have achieved limited success. Proposals for limiting phishing include electronic message authentication techniques using antispam standards and scanning for “cousin” domains whereby trademark owners would be notified when a similar sounding Uniform Resource Locator (URL) or site contains spoofed content. Additionally, features such as Norton Privacy Control in Symantec's Norton Internet Security product help to stem the increasing number of phishing attacks by allowing users to identify confidential data that they wish to protect. Upon observing the previously identified confidential data being transmitted via HTTP (via the web), instant messenger, or SMTP (via electronic message), the user is prompted to provide verification that the disclosure of the confidential information is authorized. Unfortunately, when a phishing attack is successful, the user believes that they are transmitting their confidential information to a reputable website, thus circumventing the intervention and causing the user to authorize the release of sensitive information to what is actually an illicit destination. Current regulatory and industry standards do not preclude electronic message addresses that imply an association with a legitimate site. For example, there is nothing to prevent a fraudulent party from acquiring the electronic message address of Citibankhelp.com, unless that electronic message address has already been reserved by Citibank or some other party.
There remains a clear need for an effective and automated way to protect confidential information from deceptive and fraudulent phishing campaigns. What is needed are methods, systems, and computer readable media to detect illicit phishing electronic messages associated with fraudulent attempts to steal confidential information and to reliably identify e-mail messages that originate from a recognized source and whose links are authenticated as being legitimate.