“Phish mail guard: Phishing mail detection technique by using textual and URL analysis”

Abstract

Phishing is the combination of social engineering and technical exploits designed to convince a victim to provide personal information, usually for the monetary gain of the attacker. Phishing emails contains messages to lure victims into performing certain actions, such as clicking on a URL where a phishing website is hosted, or executing a malware code. Phishing has become the most popular practice among the criminals of the Web. Phishing attacks are becoming more frequent and sophisticated. URL and textual content analysis of email will results in a highly accurate anti phishing email classifier. We propose a technique where we consider the advantages of blacklist, white list and heuristic technique for increasing accuracy and reducing false positive rate. In heuristic technique we are using textual analysis and URL analysis of e-mail. Since most of the phishing mails have similar contents, our proposed method will increase the performance by analysing textual contents of mail and lexical URL analysis. It will detect phishing mail if DNS in actual link is present in blacklist. DNS is present in white list then it is considered as legitimate DNS. If it is not present in blacklist as well as white list then it is analyzed by using pattern matching with existing phishing DNS, contents found in mail and analysis of actual URL. With the help blacklist and white list we are avoiding detection time for phishing and legitimate email. At the same time we are decreasing false positive rate by combining features of DNS, textual content analysis of email and URL analysis.