BogusBiter

Chuan Yue, Haining Wang
2010 ACM Transactions on Internet Technology  
Many anti-phishing mechanisms currently focus on helping users verify whether a web site is genuine. However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishing attacks and protect Internet users from revealing their credentials to phishing sites. In this paper, instead of preventing human users from "biting the bait," we propose a new approach to protect against phishing attacks with "bogus bites." We develop BogusBiter, a unique
more » ... ent-side anti-phishing tool, which transparently feeds a relatively large number of bogus credentials into a suspected phishing site. BogusBiter conceals a victim's real credential among bogus credentials, and moreover, it enables a legitimate web site to identify stolen credentials in a timely manner. Leveraging the power of client-side automatic phishing detection techniques, BogusBiter is complementary to existing preventive anti-phishing approaches. We implemented BogusBiter as an extension to Firefox 2 web browser, and evaluated its efficacy through real experiments on both phishing and legitimate web sites. Our experimental results indicate that it is promising to use BogusBiter to transparently protect against phishing attacks.
doi:10.1145/1754393.1754395 fatcat:izxe5ydanjeghnbcqudx3sb5ly