Phishing Warden - PowerPoint PPT Presentation

About This Presentation
Title:

Phishing Warden

Description:

RESCUE is funded by the National Science Foundation under ... Phishing Warden. Detects requests for the disclosure of sensitive personal information before it ... – PowerPoint PPT presentation

Slides: 2
Provided by: sbri72

Transcript and Presenter's Notes

Phishing Warden
Jim Henshaw, Michael Edvalson, Tim van der Horst,
Kent Seamons
PHISHING ATTACKS
  • Phishing attacks occur when an attacker spoofs a
    trusted web site in order to gather sensitive
    personal information from a user. Anyone who uses
    email and the Internet is subject to this kind of
    attack.

Go Ahead. Try and get my info...
This project contributes to:
  • Applied research
  • Example: Detect phishing attacks
  • RESCUE Relevance: A method to combat online fraud
    following a natural disaster

Comparison to state of the art

New approach
  • Detects requests for the disclosure of sensitive
    personal information before it is sent to a
    server
  • Immune to client-side scripting obfuscation,
    which can defeat proxy or firewall-based
    approaches
  • Leverages trust negotiation to determine
    trustworthiness of the server for each attribute
    requested

Current approach
  • Recent plug-ins use heuristics and blacklists to
    determine trustworthiness of a site as it is
    loaded in the browser
      • SpoofGuard, PwdHash, Netcraft toolbar, and
        Earthlink Scamblocker
  • Proxies and firewalls can check for sensitive
    content when a form is submitted
      • Norton Personal Firewall, ZoneAlarm Pro Firewall

Browser-based approach
[Figure: Possible Phishing Site]
  • At the request of the user, the browser plug-in
    attempts to auto-fill form values
  • If the form requires sensitive attributes, the
    plug-in negotiates trust for each of the
    requested values
  • A successful negotiation is required before an
    attribute is put into the form

Surrogate agent approach
[Figure: Trust Agent, Token, Web Server]
  • At the request of the user, the web server is
    sent a token
  • The web server uses this token to contact the
    user's surrogate trust agent and negotiate for
    the desired form values
  • The trust agent only discloses the attribute
    values with which the server can be trusted
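
The per-attribute gating that both approaches rely on, sketched for the browser plug-in case as an added example (not code from the Phishing Warden project). The negotiation is a simplified stand-in in which each side releases credentials as their release policies are met; the credential names, policies and stored values are constructed assumptions.

```javascript
// Added example: all names, credentials and values are constructed.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

const client = {
  vault: { email: "a@example.test", ssn: "000-00-0000", password: "constructed-pw" },
  // Sensitive attribute -> server credentials required before it is filled in.
  attributePolicy: { ssn: ["gov-agency-cert"], password: ["bank-charter"] },
  // Client credential -> server credentials required before it is released.
  credentials: { "customer-id": [] },
};
// Server credential -> client credentials required before it is released.
const genuineServer = { credentials: { "bank-charter": ["customer-id"] } };
const spoofedServer = { credentials: {} }; // look-alike page, nothing to prove

// Each round, both sides release every credential whose policy is met by what
// the other side has released so far; stop on success or when nothing moves.
function negotiate(required, clientCreds, serverCreds) {
  const fromClient = new Set(), fromServer = new Set();
  const release = (creds, sent, received) => {
    let moved = false;
    for (const [name, policy] of Object.entries(creds)) {
      if (!sent.has(name) && policy.every((p) => received.has(p))) {
        sent.add(name);
        moved = true;
      }
    }
    return moved;
  };
  let progress = true;
  while (progress && !required.every((r) => fromServer.has(r))) {
    const serverMoved = release(serverCreds, fromServer, fromClient);
    const clientMoved = release(clientCreds, fromClient, fromServer);
    progress = serverMoved || clientMoved;
  }
  return required.every((r) => fromServer.has(r));
}

// Fill only fields that are non-sensitive or whose negotiation succeeded.
function autoFill(formFields, user, server) {
  const filled = {}, withheld = [];
  for (const field of formFields) {
    if (!has(user.vault, field)) continue; // nothing stored for this field
    const required = has(user.attributePolicy, field) ? user.attributePolicy[field] : null;
    if (!required || negotiate(required, user.credentials, server.credentials)) {
      filled[field] = user.vault[field];
    } else {
      withheld.push(field);
    }
  }
  return { filled, withheld };
}
```

Against the constructed genuine server the password is filled and the SSN is withheld; against the look-alike server both sensitive attributes are withheld.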
