SpoofCatch: A Client-Side Protection Tool Against Phishing Attacks

To protect against web spoofing attacks, most antiphishing solutions in the literature either escape certain attack patterns or are based on complex sets of parameters to identify phishing attacks or suffer from both. In this article, we propose that phishing attacks can be prevented by simply relying on an overall visual appearance of the web page that the user sees. To realize our claim, we propose a client-side protection mechanism based on visual similarity of web pages and implement our mechanism as a browser extension, dubbed SpoofCatch. For similarity comparison between genuine and phished web pages, four similarity algorithms have been implemented and integrated in the extension. To evaluate the solution, large scale and extensive experiments have been conducted that demonstrate SpoofCatch can capture all phishing attacks with acceptable overhead.