FishPhucker - Flipping the Phishing Con Game

Abstract: Several measures against phishing have been evaluated during the recent years. Users were educated, banking websites' authenticity was improved and out-of-band authentication methods were established, but phishing is still a problem. This paper focuses on a new method which tries to pay the phishers out in their own coin. It describes the functions and methods of the anti-phishing firefox extension FishPhucker and discusses design choices made during its implementation. In addition, a new protocol framework is introduced which aims on foisting faked user accounts, so called Phoneytokens, on the phisher. In its current state, the system deluges the phisher with faked accounts in order to significantly degrading the quality of the acquired data. We expect this approach to be significantly easier to deploy albeit effective.

Project Files

Presentation Files

• HAR 2009 presentation slides - Netherlands, August 2009

Technical Report

• Technical Report (BETA-version)

Multimedia Files

• Videos (ogv-format can be played with VLC, have a look at the slides too for understanding the context)
1. How does Phishing work in the wild?
2. How does a logfile of a phishing server look like?
3. How does the FishPhucker Pre-Analysis System work?
4. What's the effect of a FishPhucker client in the wild?

Source Code

• main.js - main JavaScript file of the FishPhucker-Extension which contains the logic
• FishPhucker.tar.gz (download und unpack for reading the source)