Anti-phishing tool detects fraudulent sites by analyzing their elements

A Hong Kong City University professor that concentrates his effort on ways for combating phishing has recently made public a piece of software that proactively detects phishing web sites.

Intended as a defense tool that allows companies to search for potential phishing sites by themselves, the software automatically downloads the contents of potential fraudulent websites to a server and analyzes it by breaking it down into elements that a computer can understand and evaluate: text, lines, symbols, structure, and more.

So far, the beta version of the software is being distributed freely. Called Reasonable Anti-phishing, it also has an online version called SiteWatcher, where you can enter the suspect URL and check if it’s fraudulent.

According to the current statistics, the numbers confirm the OpenDNS statistics from two months ago: PayPal is the most frequent target of phishing websites.

“Users can report to us “suspicious’ web sites. We then track and uncover phishing targets,” explains the professor, Dr Liu Wenyin. “Data can be collected to identify the most targeted in phishing attacks. The software will serve as an effective watchdog tool. As the database grows, the monitoring can become more comprehensive.”

According to the University’s NewsCentre, the software’s effectiveness is not limited to websites in a particular language. Once, Dr Liu and the team behind the software have discovered a cloned version of the official site of a a European country’s ministry of foreign affairs.