Thanks to the rapid development of Internet technologies over the last decade, the affordability of a large variety of Internet-connectable devices (such as personal computers, notebooks, tablets, smartphones, etc.), and their ease of use, a great number of people have come to rely on the World-Wide Web for their daily activities, such as consuming media content, shopping, working with bank accounts, reading mail, texts, or other forms of messaging, visiting social networks, among many other uses. Often, when working on the Internet (for example, when purchasing products, transferring money, registering with retailers or service providers, etc.), users are asked to provide certain confidential information (such as credit card numbers and bank account numbers, account passwords, etc.), all of which are examples of information upon which the financial security of users depends, to external sites.
The sheer number of users of the Internet has drawn a massive increase in the activity of fraud perpetrators who, by various techniques and methodologies, seek to gain access to confidential data of users in order to misappropriate personal and financial data to engage in fraudulent or other malicious activity. One of the more popular methods employed by fraudsters is commonly referred to as phishing, i.e. gaining access to confidential user information through electronic messaging by masquerading as a known or trusted entity, e.g., popular brands, personal messages within various services (for example, within social networks), and creation and registration with search services of sites posing as legitimate sites of banks, Internet stores, social networks, etc. A letter or message sent to users by fraudsters often contains links to malicious sites which look familiar, and often quite similar, to real ones, or to sites from which a transfer to malicious sites will be made. Once the user is transferred to a fake page, fraudsters, using various social engineering techniques, try to cause the user to enter his/her confidential information, which the fraudster then uses to access corresponding user accounts and bank accounts. In addition to the extraction of confidential information, the user is exposed to the risk of receiving, from a fake site, a malicious application that works unbeknownst to the user to gather various other items of information from the victim's computer and transfer it to fraudsters.
To counter the above-described fraud method, technologies are used to detect phishing messages (for example, in email) and fake sites. These technologies use databases of trusted and non-trusted site addresses, templates of sentences and other text strings from known phishing messages, etc. When the presence of such a suspicious object is detected, the user is informed about the potential danger.
Although these existing techniques may be efficient when dealing with already-known threats, links and pages, that have been studied by information security specialists and have been recognized as potentially dangerous, the conventional techniques are much less efficient when dealing with new, constantly-changing threats. In addition, because of a manual or semi-automatic analysis, the response time between the appearance of a new phishing site or message and its detection and subsequent blockage from access by a user can be quite significant, which represents a major factor in the large number of users succumbing to phishing and related fraud.
A practical solution is therefore needed to address the ever-changing nature of phishing attacks.