Recent years have witnessed increasing threats of phishing attacks on mobile computing platforms. In fact, mobile phishing is particularly dangerous due to the hardware limitations of mobile devices and the habits of mobile users. Phishing attack is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. It often directs users to enter personal information at a fake website, the look and feel of which is identical to the legitimate site. The most common technique to detect suspicious webpages links is blacklist and whitelist approach, in addition to machine learning and visual similarity techniques. Although, these existing solutions are useful, they are limited due to outdated databases, limited datasets, false positive, and/or expensive analysis. The aim of this research paper is overcome some of these limitations by proposing an anti-phishing approach that protects users’ data from phishing attacks by focusing on phishing links that direct users to semi-legitimate login webpages. The proposed approach is a hybrid solution that utilizes the advantages of some of the available solutions, i.e., blacklist and whitelist technique, and introduces two new anti-phishing techniques; page detection and dummy data techniques, in which phishing detection is performed in three phases. The authors believe that, this innovative approach can solve some of the challenges facing the existing approaches such as detecting new phishing links that are not reported in blacklist databases. The experimental study has shown good and encouraging results in which the proposed approach surpassed some of the available commercial anti-phishing tools.
Phishing; Mobile Phishing; Smishing; Phishing Detection; Anti-Phishing; Phishing Attacks