@inproceedings{97d32474320840808a3f76a5d5ed5420,
title = "A Study of Phishing Websites and Scan Evasion Techniques",
abstract = "A phishing attack is a deceptive tactic in which individuals are lured into divulging sensitive information to a malicious actor masquerading as a trusted entity, typically through the use of phishing websites. Malware scanners are used to identify these fraudulent websites. However, the efficacy of these scanners is limited to the information they receive. Threat actors exploit this limitation by leveraging evasion techniques, such as redirecting to benign webpages or delivering different content, to conceal their malicious intent. This underscores the need for enhanced defense mechanisms against phishing attacks to safeguard individuals from falling prey to these fraudulent schemes. In this research, we investigate the prevalence of scan evasion techniques employed by phishing websites and evaluate the effectiveness of defense strategies by comparing the responses obtained from both a user and a malware scanner. Our findings reveal a notable number of phishing websites employing evasion techniques. While the majority of these websites were detected by the malware scanner, there were instances where evasion was successful.",
keywords = "phishing, phishing websites, Phishtank.org, scan evasion, VirusTotal",
author = "Christian Liguori and Jean Chu and Daehan Kwak",
note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023 ; Conference date: 24-07-2023 Through 27-07-2023",
year = "2023",
doi = "10.1109/CSCE60160.2023.00374",
language = "English",
series = "Proceedings - 2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "2299--2302",
booktitle = "Proceedings - 2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023",
}