Investigating Phishing on Demand

Pascal Gerig. Investigating Phishing on Demand. Bachelor’s thesis, University of Bern, May 2020. Details.


Gathering protected information by disguising an attacker as a trustworthy contact in electronic communication, also known as “phishing,” is the primary technique attackers use to steal sensitive data. Phishing websites are mainly static and barely synchronize with the original website. We investigate “Phishing on Demand,” a technique to dynamically replicate any website for phishing purposes. The replicas are available with a few clicks and are always in sync with the original web pages. Our studies with a proof of concept show that this phishing technique is highly effective. For instance, we could successfully run phishing campaigns against major Swiss e-banking websites with two-factor authentication. With this thesis, we show that there is a demand for more robust visual similarity algorithms for websites that are able to track changes applied to original sites such as insertions of banners, rewritings of text, or alterations to graphics.

Posted by scg at 22 May 2020, 9:15 am
Last changed by admin on 21 April 2009