A Study of Phishing Websites and Scan Evasion Techniques

Christian Liguori, Jean Chu, Daehan Kwak

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

A phishing attack is a deceptive tactic in which individuals are lured into divulging sensitive information to a malicious actor masquerading as a trusted entity, typically through the use of phishing websites. Malware scanners are used to identify these fraudulent websites. However, the efficacy of these scanners is limited to the information they receive. Threat actors exploit this limitation by leveraging evasion techniques, such as redirecting to benign webpages or delivering different content, to conceal their malicious intent. This underscores the need for enhanced defense mechanisms against phishing attacks to safeguard individuals from falling prey to these fraudulent schemes. In this research, we investigate the prevalence of scan evasion techniques employed by phishing websites and evaluate the effectiveness of defense strategies by comparing the responses obtained from both a user and a malware scanner. Our findings reveal a notable number of phishing websites employing evasion techniques. While the majority of these websites were detected by the malware scanner, there were instances where evasion was successful.

Original languageEnglish
Title of host publicationProceedings - 2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages2299-2302
Number of pages4
ISBN (Electronic)9798350327595
DOIs
StatePublished - 2023
Event2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023 - Las Vegas, United States
Duration: 24 Jul 202327 Jul 2023

Publication series

NameProceedings - 2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023

Conference

Conference2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023
Country/TerritoryUnited States
CityLas Vegas
Period24/07/2327/07/23

Keywords

  • phishing
  • phishing websites
  • Phishtank.org
  • scan evasion
  • VirusTotal

Fingerprint

Dive into the research topics of 'A Study of Phishing Websites and Scan Evasion Techniques'. Together they form a unique fingerprint.

Cite this